Security testing has had a low priority for development and quality assurance (QA) organizations during the Application Lifecycle Management (ALM) process. For many projects, security testing is limited to validating that functional requirements for user sign-on to the application system were properly developed and implemented. With the increased use of cloud computing infrastructure, mobile business applications, complex technology stacks and open source software, a business can no longer take an internalized view of security for ALM. The threats are real and need to be incorporated in all test strategies and project plans.

With the rise in cybercrime and current awareness of the risks associated with software vulnerabilities, application security is now something that needs to be designed and developed at the same time as business functionality. Security testing reviews and validatesthe software for confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Individual tests need to be conducted to prevent unauthorized access to the software code. This level of security testing is not currently performed in industry as part of the development cycle. Gartner states that more than 75% of mobile business applications would fail a basic security test. That is an alarming statistic and an indictment for the IT organization.

Business application security needs to address many questions that including the following:
  • Does your application maintain privacy of your data?
  • Can the data from the application be trusted and verified?
  • Does the application check for individual authentication?
  • Does the application properly limit you to your authorized privileges?
  • Can an attacker take your application off-line or down?
  • Does your application maintain an audit trail and keep event records for later verification?
Omni Sourcing has developed a structured process to assessour clients business application architectural components to identify, quantify and address security risks associated with the specific application. Our objective is to address security vulnerabilities and employ principles of secure design early in the ALM process. This will reduce the potential for security threats and development costs. We analyze potential security risks through evaluating data sources, processes, data flows and user interaction. We utilize the structured PMBOK Project Risk Management Process to quantify each security threat and risk mitigation to address each security. This process results in development and implementation of a detailed security plan as part of the risk management process.

Our security professionals have the capabilities to test, monitor and update the detailed security plan on a one-time basis or part of a continual security mitigation strategy. We understand the security threats present in industry and have developed tests for clients to protect against their current business model. We provide guidance to the IT organization on how to be prepared to respond to business security crises related to theft and data loss; and to prevent or mitigate future occurrences. A business that is proactive towards establishing and improving application security will result in sustained success.