Test Environment for Security Testing – by Santhoshst
Security Testing Tips: Test Environment for Security Testing
One of the challenges in security testing is setting up the test environment. If you are a small-scale organization without a lot of processes, it could be easy for you to go ahead and set up a test environment the way you want, but in bigger organizations with lots of processes it could be hard. There could be network-related blockers that you may want to clear (example: you want to download software to use for security testing, and the download source is blocked by the organization’s network). If your test environment is a blocker for you, then I would recommend not performing security testing at all; that way, you can at least save costs.
Isolated network of computers
It is important to have a separate network dedicated to security testing. This is because you do not want to affect the other computers on the network if you download some software and it is infected with malware, adware or anything else malicious.
No website blockers
The network shouldn’t block any website that you want to browse to learn about hacks or to download software that aids your hacking activity. Don’t let your network policy end up blocking your learning.
Administrator rights for computers & other devices
In my experience, I have faced a lot of blockers when the computer that was given to me did not provide administrative rights. To change some of the settings in order to test for security, I had to e-mail the infrastructure team to change the settings, and that consumed time. Before starting, it is important to ask for a computer with all the rights to change / modify any setting.
Installations of software before commencement
Make sure that all required software is installed before you commence the security testing activity. This will save you the time you would otherwise lose if something doesn’t get installed or doesn’t work properly while you are testing for security. That way, installing the required software such as a proxy, Burp Suite, Wireshark, BackTrack, Kali Linux, Mantra browser, Nmap and many other tools happens without any hassles.
No code changes to be done
When testers are testing for security, no code changes should be made. It is important that you have a separate environment, not the same one that the developer uses to check in his / her code. Also, security testing needs to be done once functional testing is done and all the reported bugs are fixed.