Security is about protecting what matters to us. That could be customer information, your company’s intellectual property, or making sure your systems stay online and usable.
In cybersecurity, this often ties back to the CIA triad:
Confidentiality – keeping information private and protected
Integrity – making sure data is not changed or tampered with
Availability – keeping systems running so people can use them
Security plays a part in every stage of software development. We think about it when planning, coding, testing, releasing, and monitoring. Everyone has a role to play in keeping software secure.
I’ve created a task to help you think about which parts of security testing are most important in your work and where you might want to learn more.
Your task:
Think about the systems or products you work on. Then answer the following questions:
What do you think is worth protecting in your software, and why?
Where could confidentiality, integrity, or availability be at risk? (For example, data being exposed, changed without permission, or systems becoming unavailable.)
Which areas of security testing feel most relevant to your current work?
What areas of security testing would you like to understand better? (For example, threat modelling, code reviews, or testing for access control issues.)
What skills would you like to build to strengthen your approach to security testing?
Answer the questions in a reply to this thread and see how others in the MoTaverse are thinking about security in their work.
For me, it’s having these core capabilities in the back of my mind whenever I’m planning and executing tests of any kind.
If they become second nature, if you’re always thinking about the security of your products and services and it becomes embedded in all processes and behaviours, it can greatly help in understanding and mitigating many risks.
Anything that would be a risk to the customer value. Customer value is the most important thing, and it is our job to bring highlights to that. It could be software, it could be hardware, it could be our competitors, it could be an improvement to our process.
I could name 100+ different things here. I’m not sure if you are looking for something specific, but every single vulnerability, CVE, etc. is a potential answer to your question.
Pentesting & AppSec, currently building a Security Champion program to become a Security Champion and grow into AppSec. (Will be publicly available)
I’m already doing a lot of pentesting, reviews, SAST and threat modeling, but I never had the chance to do it for mobile, so mobile reverse engineering is my answer! I still have the courses on my to-do list from: https://www.mobilehackinglab.com/
AD …. Active Directory is a pain for me I hate it so much haha
I’ve not actually touched that when specifically looking for security vulnerabilities, but I remember just how incredibly complicated it could be to match your Active Directory groups to roles in the software and handle permissions accordingly. Especially with the different types of trust when you have server and client on different subdomains.
(I think I may have a weird complex as I did enjoy that project!)