
The importance of Security Testing

While the complexity of software systems is increasing along with advancements in technologies such as Mobile, Cloud, AI and IoT, the threats from cyber-attacks are increasing in parallel. As a result of security breaches and attacks, organizations may face not only financial losses but also a loss of reputation in the market. Hence it is very important to identify the security weaknesses and loopholes in a system and get them resolved in a timely and prioritized manner. To illustrate the reality, the major security breaches that have happened so far are listed in the section below:

Major Security Breaches: Based on the damage caused by the attacks, the major security breaches are listed below:
  • Yahoo
    • The attack on Yahoo exposed usernames, email addresses, phone numbers and other important private information.
    • 3 billion user accounts were hacked in 2013-14.
    • Impact: Due to the security breaches, Verizon acquired Yahoo for $350 million less than the quoted price.
    • Attack type: The outdated MD5 password hashing algorithm was compromised by the attackers.
  • Adult Friend Finder
    • The attack on Friend Finder Network exposed usernames, emails, addresses, and passwords.
    • More than 412.2 million accounts were hacked in 2016, and 20 years of data held in six databases was exposed.
    • Attack type: The weak SHA-1 hashing algorithm was compromised by the attackers, who attacked a Local File Inclusion vulnerability in a module on the production server.
  • eBay
    • The attack on eBay exposed user names, addresses, dates of birth and passwords.
    • 145 million accounts were hacked in 2014.
    • Attack type: Hackers gained access to 3 employee accounts, accessed the system for 229 days and were able to gain control over the database.
  • Equifax
    • The attack on Equifax exposed Social Security Numbers, dates of birth, addresses, driving license numbers and credit card details.
    • 143 million accounts were hacked in 2017.
    • Attack type: An application vulnerability on one of its websites resulted in a data breach.
  • Heartland Payment Systems
    • The attack exposed the credit card details of users.
    • 134 million credit cards were exposed in 2008.
    • Impact:
      • The company was not allowed to process the credit cards of major brands until May 2009.
      • The company also paid $145 million in compensation for losses.
    • Attack type: SQL Injection was used to install spyware on Heartland's data systems.
  • Target Stores
    • The attack exposed credit/debit card details and other contact information of users, such as names, addresses, email addresses and mobile numbers.
    • 110 million accounts were hacked in 2013.
    • Impact:
      • The CIO and CEO resigned.
      • The company experienced a loss of $162 million.
    • Attack type: Hackers gained access through a third-party HVAC vendor to its POS (point of sale) payment card readers.
  • TJX Companies
    • The attack exposed credit cards.
    • 94 million credit cards were exposed in 2006.
    • Impact: Companies, banks, and insurers lost close to $200 million.
    • Attack type: Not clear. Some believe that the hackers attacked a weak data encryption system to access credit card data; others believe that the attackers broke into the TJX network through the kiosks set up in stores for job applications.
  • Uber
    • The attack exposed the personal information of users and drivers.
    • 57 million Uber accounts and 6 lakh driver accounts were exposed in 2016.
    • Impact:
      • Uber blamed its CSO and fired him.
      • Uber paid the attackers $100,000 to destroy the exposed details and stated that it was a ‘bug bounty’ fee.
      • Uber ended up selling its stake to SoftBank for $48 billion, where the initial quotation was $68 billion.
      • Uber lost its reputation and money.
    • Attack type: Hackers were able to access Uber’s GitHub account and found the credentials for accessing Uber’s AWS account.
  • JP Morgan Chase
    • The attack exposed data of households and small businesses, such as names, addresses, email addresses, phone numbers and other information.
    • 76 million household accounts and 7 million small business accounts were exposed in 2014.
    • Attack type: Hackers were able to gain root access to more than 90 bank servers for transferring money and closing accounts.
  • Sony
    • The attack exposed names, passwords, email addresses, addresses, purchase history, credit card numbers and Sony’s PlayStation Network credentials.
    • 77 million PlayStation accounts and 12 million credit card numbers were exposed in 2011.
    • Impact: Sony paid $15 million in settlements.
  • Anthem
    • The attack exposed the names, addresses, social security numbers, employment histories and dates of birth of customers.
    • 78.8 million customer accounts were exposed by the health insurance company in 2015.
    • Impact: The cost of this attack exceeded $100 million.
  • Adobe
    • The attack exposed the credit card details and login details of customers.
    • 38 million user accounts were hacked in 2013.
    • Impact: Adobe ended up paying $1.1 million in legal fees and another $1 million to customers to settle claims.

Conclusion: As the number of cyber-attacks grows with advancements in technology, all organizations need to implement efficient and effective security practices in a timely and prioritized manner to avoid losses and protect their reputation. Hence Security Testing is very important for ensuring the security of systems and thereby protecting organizations from losing money and reputation.

Please leave your questions/comments/feedback below.

Happy Learning 🙂

Arun Motoori (www.QAFox.com)
