Security Testing

Security Testing is that genre of QA that assesses the robustness and / or vulnerability of a business application or software system to computing accessibility constructs pertaining to: authentication, authorization, confidentiality, integrity, availability, and non-repudiation. The objective is to qualify the inherent logic of a software to prevent or contain unintended or malicious use by individuals with or without legitimate permission to do so. This warns developers of weak links that may expose unintended use, enabling them to enforce preventative mechanisms that discourages or circumvents improper access.

Although QA Valley has the knowhow to perform several flavors of security assessment, there are five areas of exposure that are of greatest demand by our clientele. These five areas are specifically: 1) Unauthorized Access, 2) Identity Spoofing, 3) SQL Injection, 4) URL Manipulation, and 5) Denial of Service. Through a set of formal practices, QA tools, and test engineers QA Valley is able to assess the robustness of software and systems to these exposure types. The end result is a set of security metrics that highlight exposure levels, poorly design security measures, and pinpoint specific areas of vulnerabilities.

QA Valley is notoriously exhaustive and vigilant in its efforts to uncover areas of greatest exposure in software systems. The press is now saturated with reports covering cybersecurity events being conducted in a global scale against governments, large multinationals, private institutions, and individuals. Security tools have become more sophisticated, but cyber criminals have equally increase their ability to infiltrate some of the most secured systems and institutions. To remain abreast, QA Valley continually upgrade its skills to counteract the growing threats; thereby giving our clients a distinct competitive advantage.

As part of our Security Testing services, QA Valley is retained in long term engagements by larger clients to conduct planned vulnerability attacks to establish the robustness of front end firewalls, or to reaffirm security exposure thresholds after system upgrades. For smaller businesses, these are short term engagements focused on specific areas of vulnerability such as Denial of Service or Identity Spoofing to be conducted prior to a major release. It may also be necessary for businesses to comply with security standards enforced by industries such as financial services, and these are easily executed as single engagements.