Cyber Security and Acceptance Testing
by itsbusiness AG
Acceptance Testing is a major Cyber Security concern when updates are deployed to the live system in the Demilitarised Zone (DMZ). Test Architecture, Test Environment and particularly Test Data must be considered. None of these may be left open to attack, since that would allow access to the live system.
- Acceptance Testing within the DMZ needs careful planning. Access to real customer data should not be allowed. Identified test accounts need to be provided for testing purposes. These need to be administered properly, at a level comparable to live systems.
- Test Architecture. This must not be left open to attack, which would provide a back door to the live systems.
- Test Environment. This is often less well administered, less compliant, and less securely accessed than the live system. Aim to make the test environment as well administered and compliant as the live system, with access security as close as possible to that of the real system (for example two-factor authentication) and the same access techniques as in the live system. Testers should require the same credentials to access the DMZ during Acceptance Testing.
- Plan ahead for this to make sure your Acceptance Testing is secure. This can take a considerable amount of effort, often weeks.