Software defects cause businesses and even countries a lot of damage. Millions of dollars are lost to security flaws every year, and software breaches can be even more harmful because they cause a loss of trust in addition to financial losses. One of software's largest concerns is security and the ability of others to infiltrate and even abuse enormous infrastructures.
This matter becomes more important when military technologies are concerned, as one hack may be a threat to global peace. Several researchers have already found a large hole in an internet-based system used by the US military. The same system is in active use at numerous hospitals and even in some private industries. The system we are talking about is used to control alarms, boilers, air conditioning, etc.
The Niagara framework powers considerably more than 12 million devices in 50+ countries, and it allows hackers to seize partial control over several critical elements of an infrastructure. Niagara is useful, simple and innovative. The US military uses it to monitor medical devices in hospitals, and it is also used as a personnel tracker in army facilities. Yes, this framework offers a vast number of powerful features, yet its security is not as strong. Considering that even Tridium, the company behind Niagara, has admitted that its framework has potential security openings and vulnerabilities, imagine what that knowledge could do in the wrong hands.
What can be said here? All software needs to be tested. For some classes of apps it is acceptable to be less attentive to security matters, as such solutions present no threat. However, in our case even the slightest vulnerability must be detected, injected and fixed. Several testing practices cannot be compromised on when really powerful, feature-rich software is at stake:
- Penetration testing. Proper pen tests never stop at detecting vulnerabilities. Testers put on actual hacking hats and exploit all possible weaknesses to their core. The testing flow resembles actual hack attacks and is one of the most powerful lines of defense you may have.
- Load testing. Considering that your internet-connected solution may be designed to serve several hundred or even several million users, will it break after the one million and first login attempt? Such heavy loads are one of any hacker's favorite tools for crushing software platforms, so the maximum possible load must be tested properly.
- Stress testing. Peak loads are not the only stressful conditions your software may be operating in. You would be surprised to find out how many weaknesses show up simply because software is not being used in the way it was designed to be.
Created: 16 Jul 2015