Usually, penetration testing is required for big applications, where security has already been taken into consideration from the beginning of the development process and the customer is hiring external testers, which might have a different view and therefore, might get more creative. The purpose would be to simulate a real attack and track the behavior of the system and how the team maintaining it is able to respond.
Changes that occur in the EU legislation that address software security provided us a great opportunity to discuss about the future of cyber security.
Our Senior pentester Andrei, held a presentation about the opportunities that occur from legislation such as GDPR and how the software development companies can benefit from it, by increasing the security of their products and assuring the clients that they are safe.
This year our senior Security Engineer, Daniel, held a mobile security workshop showing how weak are mobile applications that do not take into consideration the most basic security principles.
The workshop was held in the office of Evozon Systems a software development company from Cluj-Napoca, that invests a lot of effort in the security of their products which together with the members of OWASP Cluj-Napoca decided to offer this one day training to anyone interested in cyber security.
With a few months to go until the new data protection legislation comes into effect, we take a look at what impact this may have on software development and testing companies.
The General Data Protection Regulation (GDPR) will come in effect on May 25th 2018 and many companies are not either A) aware of this change, or B) understand the impact it has on its business. Because of the fact that the penalties are huge, for those who do not comply with the regulation (up to 4% of annual turnover or €20 million, whichever is greater), it is important that all business take action now to ensure complicity.