Security: It’s Everyone’s Business!
Security isn’t only a bit of software that can be bought, installed and forgotten with the occasional upgrade thrown in. Security isn’t only that set of password rules we are supposed to follow. Security isn’t only that locked filing cabinet, or a guard and a scan card reader at the front door. It includes all those things, and many, many more. We all need to think about security differently. Every organisation has thousands of vulnerabilities—weaknesses that could be exploited by a malicious attacker. And, as a malicious attacker, I only need to find one vulnerability to exploit. It could be a helpful staff member holding the door open for a “fellow smoker”, or a person in Finance who believed that last phone call asking them to process “that important invoice”. It might be an open comms port on the production web server, or the unpatched server in the test environment. Or it could be the report listing last week’s customer contacts that is mailed to the sales staff each Monday (including the sales staff who have left the organisation). I mention these because my colleagues and I have used all these techniques (and many more) to test organisations. We are security testers.
Keywords: Software security, Software quality, Security testing, Security tester
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.