Evaluating Security and Data Compliance in Test Management Software

by René Ceelen, on February 4, 2021

Thanks to the multi-pronged disruption caused by the global pandemic, corporations are reporting a troubling increase in cyberattacks. In a recent study conducted by Tanium, about 90 percent of surveyed corporations blamed the pandemic for reported escalations in cyberattacks.

Although there are many defense strategies that organizations can take to mitigate attacks, penetration testing is one of the more effective solutions. Here’s what you should know:

What Is Penetration Testing?

When an organization decides to undertake a cyberattack defense evaluation, they may authorize penetration testing that simulates a cyberattack on their IT infrastructure. A properly administered penetration test will evaluate system security to identify strengths and weaknesses (such as risks of unauthorized access to data). Penetration testing is not to be confused with a vulnerability assessment, which uses automated software to scan the system for vulnerability. Such an assessment merely looks over the system rather than intruding into it.

There are two types of penetration testing: internal and external. As the name implies, internal testing is simulated from inside the organization. Such testing is typically designed to expose only intranet weaknesses in the company’s firewall. Companies might use internal testing to simulate an attack by a disgruntled worker or vendor. Thus, internal testing is quite limited because it only encompasses a limited set of potential bad actors.

With external penetration testing, the organization contracts with an independent, external (of course) contractor to replicate an outside attack on the network infrastructure. Think of the contractor as a hit man. The only information provided is the IP of the target. The contractor works from there to uncover faults in the network. 

External penetration testing is a superior method. It allows for the possibility of various attacks on servers and firewalls from any attacker in any location worldwide, which means the testing covers more probable kinds of attacks.

The Importance of External Penetration Testing

In addition to simulating more aggressive, widespread, and probable types of cyberattacks, external penetration testing unleashes a wider array of attacks, including inspection of code as a whole or in a dynamic (or running) state. The attacker is essentially seeing the entire system “naked.” The attacker will also test how long they can remain in the compromised system while identifying persistent threats.

Once the simulated cyberattack ends, the invading testers compile an analytic report on any vulnerabilities or potential threats—often flagging them based on importance (green, yellow, red).

For TestMonitor, a world-class software testing company, mounting and maintaining a robust defense against cyberattacks has always been of paramount importance. After all, how can a testing company that takes a lax attitude toward security offer peace of mind to its customers concerning their data and testing needs?

Recently, TestMonitor worked with an external contractor to launch penetration testing. The resulting report speaks for itself:

“The security of TestMonitor is estimated to be very positive. … TestMonitor clearly uses most security best practices and takes its security very seriously.”

The tester deployed “three generally recognized pillars … namely confidentiality, integrity and availability. This security test focuses on technical vulnerabilities with regard to the confidentiality and integrity of the information.”

Additional Security Strategy

In addition to employing top-level penetration testing, TestMonitor also adheres to the industry’s most stringent compliance certifications. As yet another safeguard in protecting our customers’ data, TestMonitor is certified in ISO 27001, an internationally recognized standard for handling information security.

TestMonitor also complies with the General Data Protection Regulation (GDPR), an EU regulation on data security and privacy related to personal data that applies to all organizations operating within the EU, as well as non-EU organizations with customers who are individuals in the EU zone. The bottom line? As the recent penetration testing report notes: “[The contractor] is very satisfied with the security.”

Whether it is our industry-recognized security measures or our next-level commitment to testing excellence, TestMonitor meets and exceeds customer and industry satisfaction. Check out how TestMonitor can satisfy your needs with a free trial today. 

Get started with TestMonitor free trial

Want the latest news, tips and advice in next-level software testing? Subscribe to our blog!