Testing News, Articles and Updates

Fuzz testers taking less time to spot vulnerabilities in IoT protocols

A review of Fuzz Testing results from various industries in 2016 showed the overall average time to first failure (TTFF) was 1.4 hours, meaning testers are taking less time to find vulnerabilities than in 2015.

Cyber UL nonprofit uses binaries to assess software quality

Security researcher Peiter Zatko, better known in the industry by his hacker moniker "Mudge," will unveil details of a cybersecurity "underwriters' laboratory" project that he announced last year on Twitter.

Video: Building blocks of IT security 3 - Acceptance into service

Having delivered a properly thought through requirement at building block 1 and a mature design with some development testing at block 2, we now move to block 3 where build-out of the design and the intensive programme of testing and acceptance into service is to be achieved, says Tony Collings.

Industry Innovators: Analysis and testing

Our selection in this category is living proof that one doesn't need a big organisation to turn out a first-rate product with a lot of innovation behind it.

How can security vendors reduce their own attack surface?

Following the news that Trend Micro's Password Manager would allow hackers to execute malicious code we ask, how secure are security applications?

RSA: Thousands of Android apps found to be vulnerable

Vulnerability testing by CERT found tens of thousands of Androd apps are vulnerable and no full register exists as they don't all get CVE assigned.

Invite attacks to identify weaknesses

Intelligence-led third party red-teaming testers can identify the blind spots that in-house teams thought they had covered suggests Simon Saunders.

Why we need a tighter framework for social engineering penetration testing

Protect against real-world threats and test the most likely scenarios using relevant models, including low-tech, says Gavin Watson.

The need for resilience

The ability to detect and respond when your security is breached are of paramount importance in ensuring organisational resilience says Alan Calder.

Improving real-world security: Think resiliency

Resiliency is moving up the agenda, for both attackers and defenders, says Fred Kost, who adds that systems need to be built - and tested - to assure safety.

B-Sides SF: 'You suck at your job'

"You suck at your job" was the Michael Roytman's controversial opening line to the audience of white hat hackers at the B-Sides event run prior to RSA San Francisco.

Top 5 most common security development errors

Keeping it simple and ensuring the basics are properly covered is likely to result in the biggest improvement in software security, says Cigital's Paco Hope.