QA&TEST 2009
8ª Conferencia Internacional sobre Testing y Calidad del Software en Sistemas Embebidos
21-22-23 Octubre - Bilbao, España

Vaibhav Mittal is Software Engineer at Adobe Systems. He has experience of more than 3 years in the field of Software development. His role in Adobe is that of a solutions developer to provide internal tools for different product teams. He has developed tools that support more than 20 products inside Adobe. He has also been part of a software development firm that develops software for a Japanese graphic imaging firm.

Vaibhav holds a B. Tech degree (Hons.) in Computer Engineering from The Technical Institute of Textile and Sciences, Bhiwani.

Vibhore Garg is Software Engineer at Adobe Systems. He has experience of 3 years in the field of Software Testing in Domains like Print, Imaging and Finance. He has worked in various fields of testing including Automation, API Testing, Security Testing, Scripting and Black Box Testing.

Vibhore holds a B. Tech degree in Electronics and Communication Engineering from Ajay Kumar Garg Engineering College, Ghaziabad

Application security has been an uphill battle at many organizations, but this year's report on internal threats is a wake up call that cannot be ignored. With a considerable number of the internal threats originating from applications, security testing is one of the most reliable ways to identify internal security vulnerabilities. One should be ready to perform the security testing on their applications and while doing so one needs to think differently.

In present scenario where security testing is very important and nearly essential for all the web based and the desktop based products we often face the dilemma whether the security testing done for out project is enough or not or, the coverage done meets specific requirement or not. Practically there is no limit of security testing but we need to consider that what all security threats are essential to be covered for our application and should be prioritized. The solution of this dilemma could be a ‘threat modeling approach’. Threat modeling is technique where you can identify the possible attack vectors and vulnerabilities your application can face and identify the potential attack points your application can have.