I can sum this up in one word: Sony.
There’s a reason that security breaches sometimes make huge headlines: they pose a serious threat to even small companies. As our everyday life relies more and more on computers, and by extension on software, we must never take security testing lightly. In fact, the more computers control our lives, the more important it is to make sure they are secure. Computers control our traffic lights, airplanes, water systems, power plants, and in some cases, even our bodily functions. Malicious users have no shortage of targets and a never-ending opportunity to cause serious damage to many people – sometimes thousands or millions all at once.
Unfortunately, security testing is an ongoing task. Just because you tested the security last year, or when the application was released, doesn’t mean that malicious individuals haven’t devised a new way around your defenses. It’s not the same as putting a lock on your door. Think of it more like putting hundreds of locks on your door, and every so often someone breaks one of them. Eventually, you’re going to have to upgrade.
Security testing isn’t something that can be handled by the average tester. It takes skill, experience, and ongoing training to stay ahead of new software tricks. Testing security means thinking like a malicious hacker, and that takes a slightly different mindset – one that average testers don’t generally have. Security testing is a full-time job in and of itself.
So the next time you think that passing on the security testing will save you a few bucks, imagine if the developer of your bank software thought the same thing. Or the manufacturer of the navigation system of the plane you’re on. Or the manufacturer of your computerized pacemaker. There are places to cut corners in software, but security isn’t one of them.