Slashdot Mirror


Creating a Security Test Environment?

Enderandrew writes "Our IT department has been tasked with creating a list of authorized software, and only allowing software to be added to such a list after it has been thoroughly tested. In theory that sounds like a great idea — but how should we test apps to make sure they are secure? We have tools to scan internal websites, and we use MBSA for our Windows servers. However, I'm turning to Slashdot to ask what are the best methods for creating a test environment where I can analyze apps for security vulnerabilities. We're a multi-platform shop, but my main concern is with Windows apps."

14 of 167 comments

  1. Number 1 solution by Zosden · · Score: 4, Funny

    Unplug the network cable. It's so easy even a caveman can do it.

    1. Re:Number 1 solution by Anonymous Coward · · Score: 2, Funny

      Well, what if they said, "So easy, even an analyst can do it."?

    2. Re:Number 1 solution by bunratty · · Score: 3, Funny

      Well... that wouldn't make any sense to me.

      --
      What a fool believes, he sees, no wise man has the power to reason away.
  2. If only... by Broken Toys · · Score: 2, Funny

    If only the Internet had some kind of search engine where one could easily access the experiences of thousands of sys admins and/or developers.

  3. no rootkits by eille-la · · Score: 5, Funny

    You should deny the installation of rootkits, they cause maintenance and security problems.

    1. Re:no rootkits by regular_gonzalez · · Score: 4, Funny

      Hey! I work for Sony, you insensitive clod!

      --
      Due to circumstances beyond my control, I am master of my fate and captain of my soul.
  4. Ban Windows except in Virtual Machines by Spy der Mann · · Score: 2, Funny

    Seriously. All you need to do is install a user-friendly Linux distro in the workers' machines, and install Windows using VirtualBox.

    That's the only way to be sure.

    If you're talking about installing software on the Windows Servers, I can only say this: ARE YOU OUT OF YOUR MIND!?!?

  5. Put 20 hackers in a room... by Anonymous Coward · · Score: 5, Funny

    and refuse to give them hot pockets until they crack the program.

  6. Re:The only way to be sure... by Thelasko · · Score: 4, Funny

    What? A post that begins with, "The only way to be sure..." and doesn't end with, "nuke it from orbit."

    You must be new here.

    --
    One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
  7. Give it to sales by grandbastard · · Score: 5, Funny

    If a group from sales can't break an app, it's secure.

    You might also use a bunch of chimps. The only difference there is all of the poo flinging, screaming and downright annoyance factor, but it's hard to find good chimps, so it's easier to just put up with it and use folks from sales.

  8. you're asking slashdot? by Anonymous Coward · · Score: 4, Funny

    Boss: create me a secure test environment.

    guy: OK, my first step is to ask the people of the internet.

    types: dear slashdot, how can I create a secure test environment?

    slashdot responses:
    -do not use any microsoft products. they are the borg.
    -the important thing is whether you will use vi or emacs.
    -use a ham radio instead
    -who's going to "helm" the next LOTR "vehicle"

  9. Re:Source code: sloppy or clean? by Darkness404 · · Score: 2, Funny

    But remember, with some of the more sloppy source code projects, you have more security through obscurity. In order to have a system that isn't compromised (yes that is different than a "secure" system) go with obscure things. For example, Windows, OS X and even Linux are prone to crackers with pre-setup tools, you aren't standing up to good hackers, but rather script kiddies who try to hack with newesthax0rtool.exe. If the script kiddie has a script that will work with Windows, OS X, Linux, and BSD, having a Plan 9 system will prevent your system from being compromised, sure, that Plan 9 system may have a gaping flaw, but because fewer people use it, fewer script kiddie tools are built for it, so it remains not compromised for a longer time.

    --
    Taxation is legalized theft, no more, no less.
  10. No software by nategoose · · Score: 3, Funny

    I'm pretty sure if you do away with software completely you'll be pretty safe.

  11. Re:Government... by lorenlal · · Score: 2, Funny

    Where's the +1 (Conspiracy)?