
WEB SECURITY & MOBILE APP SECURITY TESTING BY (ETHICAL) HACKERS


Do you hate nightmares? If you do, please keep reading, as you are possibly part of the target audience for security testing services. Typically, many start-ups and organizations do not test their software for security. Most of the time organizations are only concerned with functional aspects, while usability and accessibility are treated as add-ons (UK and US customers). In the 90s there were very few hackers; nowadays there are plenty of them who want to breach security for whatever reason. Whatever their reasons, as an organization it is important to safeguard sensitive data.

At TestInsane, we strive for excellence in security testing, and we have hand-picked ethical hackers from the industry across India. We are a mix of tool-assisted and brain-assisted ethical hackers who are always on the hunt for security vulnerabilities. We accept that there are no fool-proof secure applications, only better-tested ones, and we make every effort to build a wall against attacks from unethical hackers.

Security Testing


Here is a questionnaire to help you decide whether you need security testing services:

  • Can you afford to lose your customers?
  • Can you afford to lose to your competitors?
  • Can you afford to have down-time?
  • Can you afford to have a bad reputation on social media?
  • Can you afford to get sued?
  • Can you afford to pay a hefty amount for hosting consumed by non-genuine usage? (Cash overflow attack)
  • Can you afford to go out of business because of critical vulnerabilities?
  • Can you afford to face questions from the media?
  • Can you afford to face a lawsuit?
  • Can you afford to have negative propaganda about your company / brand?
  • Do you care about the privacy of your customers' data?

If most of your answers were “NO”, then you are eligible to get your software tested for security.

Many businesses know how to win business, but at times fail to sustain it and incur a bigger loss. One way your business can go haywire is when your software is not tested for security.

Our customers have been happy with our security testing services for both web and mobile. Here is a testimonial from one of our customers:

iMentor is a non-profit organization based in New York City. It builds mentoring relationships that empower students from low-income communities to graduate high school, succeed in college, and achieve their ambitions. In other words, iMentor is an organization with a mission to improve the lives of young students, and in the fall of 2014, Test Insane helped iMentor fulfill that mission.

I first spoke with Santhosh and Karthik via Skype and knew right away that they would be our amazing new security team for the web app at iMentor. This web app runs the mentorship program for 10,000 mentors and mentees across the US, and it must be a secure environment for them. Enthusiastic, knowledgeable, flexible. These guys were hungry for the project and even described themselves as “lions before the feast”! We began immediately and had no trouble integrating their work into the work of the broader web app team at iMentor.

In particular, I appreciated the desire of Santhosh and Karthik to go beyond the boundaries of the security project and improve the iMentor web app in any way possible. They found bugs in its functionality, made suggestions about its UI, and gave insight into their experiences as new users. All of this passion and expertise coalesced into a solid month of work with a prioritized list of security issues, recommendations for their resolutions, and the aforementioned improvements.

We’re thrilled to make Test Insane our security team and were impressed with the wide range of skills Santhosh and Karthik offered beyond security. Thanks so much from iMentor!

Ben Robinson, Product Manager

Does this convince you? If it doesn’t, we can discuss how to make this happen and rock together! Write to me at st@testinsane.com

 

Our first open-source contribution: HTML Comment Extractor (HCE)

HTML Comment Parser by Test Insane Software Testing Services

We always wanted to give to the testing community, and that is why we have a separate, dedicated team which makes sure we give to the community consistently. We do it not because giving to the community is considered a good thing, but because it makes us feel good, and that is sufficient for us. Anything we get back from the community is a bonus and makes us feel good too. This is just a start, and we shall contribute to the testing community whenever our hearts tell us to give. And we would love to say this: “We make sure we dedicate some time in a day to think of such ideas which can add value to our Software Testing community, where testers or developers or managers can benefit in testing their software.”

Why did we develop HTML Comment Extractor / Parser?

Some time ago, when we were working on a project in the retail domain, we saw some sensitive details in the comments (HTML and JavaScript) in the client-side code of a web application. A comment revealed third-party analytics login credentials, and anyone who came across this kind of comment could easily get at the analytics data. So we thought of building a utility that extracts the comments from a URL we provide and then searches the extracted comments for sensitive information. What counts as sensitive information is defined by a dictionary of possible keywords, which a tester, developer, test manager or anyone else can define based on their context, that is, on what they consider sensitive or otherwise useful information.

This utility is developed using Python. We thank the people responsible for developing this beautiful programming language. We also thank our team member Sandeep Tuppad, who developed HCE for the testing community, and Karthik Kini, who got the product page for this utility up and running (http://apps.testinsane.com/hce).
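The approach described above can be sketched as follows for auditing your own pages before release. This is an added example, not HCE's source code: the keyword list, the `CommentCollector` and `scan` names and the sample page are all constructed for illustration, and the JavaScript comment matching is a regex heuristic rather than a full parser.

```python
import re
from html.parser import HTMLParser

# Hypothetical keyword dictionary; define it for your own context.
KEYWORDS = ["password", "passwd", "api_key", "secret", "token", "login", "todo"]
# Heuristic JS comment patterns; (?<!:) skips the "//" in "https://".
JS_BLOCK = re.compile(r"/\*(.*?)\*/", re.DOTALL)
JS_LINE = re.compile(r"(?<!:)//(.*)")

# Constructed sample page, embedded so the example runs offline.
SAMPLE = """<html><head>
<!-- analytics login: user=demo@example.test password=EXAMPLE-ONLY -->
<script>
var endpoint = "https://example.test/api"; // TODO remove staging token before launch
/* layout helper, nothing sensitive */
</script></head>
<body><!-- main navigation --><p>Hello</p></body></html>"""


class CommentCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.comments = []   # (kind, text) pairs
        self._script = None  # buffers script source while inside <script>
    def handle_comment(self, data):
        self.comments.append(("html", data.strip()))
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._script = []
    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            source, self._script = "".join(self._script), None
            blocks = [m.group(1) for m in JS_BLOCK.finditer(source)]
            lines = [m.group(1) for m in JS_LINE.finditer(JS_BLOCK.sub("", source))]
            self.comments += [("js", c.strip()) for c in blocks + lines]


def scan(html, keywords=KEYWORDS):
    """Return (kind, matched_keywords, comment_text) for each flagged comment."""
    collector = CommentCollector()
    collector.feed(html)
    collector.close()
    found = [(kind, sorted(k for k in keywords if k.lower() in text.lower()), text)
             for kind, text in collector.comments]
    return [f for f in found if f[1]]
```

Calling `scan(SAMPLE)` flags the HTML comment carrying the login details and the JavaScript line comment, and leaves the two harmless comments alone.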

A quick overview: here is a pictorial representation of how the HTML Comment Parser utility works.

HTML Comment Extractor Pictorial Representation

For the complete guide, see our ReadMe.txt file.
You can download the utility along with source code at http://apps.testinsane.com/hce/

We Love To Help

If you face any difficulties in using it or if you have any ideas, please feel free to share with us and we can work together in building something and giving back to the community if there is a mutual interest. Write to us at welovetohelp@apps.testinsane.com.