No prizes for getting this right though.
These leading brands and start-ups were all hacked in the last 3 weeks and more importantly anyone with basic knowledge of Application and Network Security could have done that.
The security breach of these web and mobile applications does pose a serious question - How secure are the web and mobile applications these days?
Let's first accept the fact that in the mad rush to get products out in the market many companies do compromise on Quality Assurance and Testing. For most of these internet firms, where time-to-market plays a vital role, quality assurance has often been an afterthought.
This is not the first time that data from a mobile app or a website was compromised. A study done in 2013 looked at 230 top apps from third-party sites outside of the Apple App Store and Google Pay marketplaces, including the top 100 paid apps on Android and iOS. Among the paid apps, the study found 92% of the iOS apps had been hacked, compared with 100% on the Google Android platform.However, only 40% of the popular free iOS apps had been hacked, rising to 80% for free apps on the Android platform. More than 75% of the websites are never tested for security vulnerabilities.
The list of companies getting hacked includes several known names - Premera Blue Cross, Anthem, Sony, U.S. Postal Service, Staples, Kmart, Home Depot, JP Morgan, Target and P.F. Chang’s.
Here is what you can do to make sure that you do not face the embarrassment of getting hacked.
1. It's all there in the code - Make sure your developers and architects understand the importance of security and that it is in-built while coding. Use of static-testing tools like Kiuwan can expose many such flaws while your product is being developed. For e.g. while recently testing an iOS SDK we came across following observations.
2. Educate your customers what security is all about and what is means to their business
The software development firms, most of the time, do not focus on security. The focus mostly stays on UI/UX and Functionality and security takes the backseat. Most of the development firms we work with did not have any clue that their web and mobile applications are soft target for hackers. That's precisely the reason Security Testing should be an integral part of any organization's test strategy.
3. CIOs/ CTOs must keep aside a budget for Testing
The CXOs should understand and acknowledge that QA is an integral part of Software Development and not just an activity that is performed as a ritual. While Cost of Quality must be on the radar, the focus should more be on prevention than cure. Bear in mind that cost of preventing a defect is lot less than curing it. By the time you fix the defect the damage is already done - the identities have been stolen, bank accounts cleaned up and your brand image tarnished. This can lead to immediate shutdown of businesses in some cases. Having spoken to many CXOs in the past I have found that most of them either do not understand the importance of QA or it is an afterthought for them. Many organizations that do have a QA department have it for name sake.
Hire a QA consulting firm and get educated or you will learn the hard way.
4. Get your applications tested by a QA / Software Testing firm before you put them in the market
Yes, it costs money but you would rather pay upfront than run a risk of someone suing you for their data being stolen.
- JP Prasad is Founder and CEO at ImpactQA. Prior to setting up ImpactQA, JP worked in various leadership roles for clients like American Express, JP Morgan Chase, Toyota and Schneider Electric.