Security issues are usually the most infamous of all, since they commonly involve economic losses, credit card
theft, the release of private data, etc., bringing about negative press and devastating business consequences.
One recent real-world example that no one can forget is the massive Equifax data breach in July 2017, in which
99% of its customers’ (146 million people) social security numbers were exposed. The company revealed that it
had known about the security hole since March of the same year, yet failed to protect its customers’ highly
sensitive personal information. As a consequence, by September 2017, the company lost $4 billion.
Breaches don’t only occur at giant corporations like Equifax or in the financial sector, but also in
healthcare, retail, education, and government, among others. The number of U.S. data breach incidents tracked
in 2017 hit a new record high of 1,579 breaches, according to the 2017 Data Breach Year-End Review released by
the Identity Theft Resource Center® (ITRC) and CyberScout®.
This is why it is so important to keep security testing in mind!
The OWASP group provides many good guides, as well as tools for checking for typical security problems such as
cross-site scripting, injection, known vulnerabilities, etc.
Each organization’s security risk will be different. It is important to determine the potential impact of a
security breach on your organization in order to assess how much time and resources should be devoted to this
area of quality. The more critical the security of your application, the more mature your testing will be if
you take the proper measures to prepare for a breach.
Having at least some basic security checks running periodically allows teams to
consider this aspect of quality and, over time, improve their set of controls.