Slashdot Mirror

← Back to Stories (view on slashdot.org)

Creating a Security Test Environment?

Posted by kdawson on from the as-sure-as-possible dept.

Enderandrew writes "Our IT department has been tasked with creating a list of authorized software, and only allowing software to be added to such a list after it has been thoroughly tested. In theory that sounds like a great idea — but how should we test apps to make sure they are secure? We have tools to scan internal websites, and we use MBSA for our Windows servers. However, I'm turning to Slashdot to ask what are the best methods for creating a test environment where I can analyze apps for security vulnerabilities. We're a multi-platform shop, but my main concern is with Windows apps."

9 of 167 comments (clear)

  1. Number 1 solution by Zosden · · Score: 4, Funny

    Unplug the network cable. Its so easy even a caveman can do it.

    1. Re:Number 1 solution by bunratty · · Score: 3, Funny

      Well... that wouldn't make any sense to me.

      --
      What a fool believes, he sees, no wise man has the power to reason away.
  2. no rootkits by eille-la · · Score: 5, Funny

    You should deny the installation of rootkits, they cause maintenance and security problems

    1. Re:no rootkits by regular_gonzalez · · Score: 4, Funny

      Hey! I work for Sony, you insensitive clod!

      --
      Due to circumstances beyond my control, I am master of my fate and captain of my soul.
  3. Put 20 hackers in a room... by Anonymous Coward · · Score: 5, Funny

    and refuse to give them hot pockets until they crack the program.

  4. Re:The only way to be sure... by Thelasko · · Score: 4, Funny

    What? a post that begins with, "The only way to be sure..." and doesn't end with, "nuke it from orbit."

    You must be new here.

    --
    One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
  5. Give it to sales by grandbastard · · Score: 5, Funny

    If a group from sales can't break an app, it's secure.

    You might also use a bunch of chimps. The only difference there is all of the poo flinging, screaming and downright annoyance factor, but it's hard to find good chimps, so it's easier to just put up with it and use folks from sales.

  6. you're asking slashdot? by Anonymous Coward · · Score: 4, Funny

    Boss: create me a secure test environment.

    guy: OK, my first step is to ask the people of the internet.

    types: dear slashdot, how can I create a secure test environment?

    slashdot responses:
    -do not use any microsoft products. they are the borg.
    -the important thing is whether you will use vi or emacs.
    -use a ham radio instead
    -who's going to "helm" the next LOTR "vehicle"

  7. No software by nategoose · · Score: 3, Funny

    I'm pretty sure if you do away with software completely you'll be pretty safe.