q-leap, a specialist in software testing and quality assurance in the Grand Duchy, organized its third Luxembourg Software Testing Event at the Da Vinci Forum on Thursday October 5. In a previous article, we discussed the challenges of mobile testing and the possibilities offered by virtualization for testing how an application will react to its environment once deployed. In this second article, we return to a key point of this event: the challenges of security testing.
THE NEW CHALLENGES OF SECURITY TESTING
The last two presentations were devoted to the challenges of security testing. To help companies gain better control over their security testing activities, and experts benefit from effective testing campaigns, the SnT (Interdisciplinary Centre for Security, Reliability and Trust), an offshoot of the University of Luxembourg and represented at the event by Fabrizio Pastore and Lionel Briand, has developed a methodology and a chain of tools designed to identify and test security requirements systematically and thoroughly, based in particular on artificial intelligence. “Devices collect and access a wealth of data. In this context, we need to be aware that every software or application component can be vulnerable: malicious code can be injected, data structure can be manipulated, confidential information can be collected and analyzed… explains Lionel Briand. The possibilities for attack are numerous. So we need to be able to prevent them, by understanding, identifying and testing all the layers of protection, in particular through an automated vulnerability detection process.”
SECURITY TESTING AS PART OF THE IOT BOOM
Finally, Cédric Messeguer, Managing Director, and Peter Stiehl, Hacker at Digital Security – Econocom, spoke about the importance of security testing in IoT development. The rise of connected objects and their increasing use is leading to new risks of vulnerability. Operating systems are still almost unknown, architectures are complex, data must be protected through a dozen different programming languages…”. What’s more, attacks on IoTs are facilitated by their physical access,” explains Cédric Messeguer. That’s why we’re developing new test solutions for connected objects, which detect threats and incidents.”
” We all have connected objects in our homes. However, they entail certain security risks that are still sometimes completely overlooked, because testing takes time and represents a certain cost,” explains Farid Khadir, Partner Development Manager at Neotys. Ultimately, the role of such an event is to educate and raise awareness of the importance of testing, which is not yet a mature market in Luxembourg. “
