Leading cybersecurity firm LE Global Services (LGMS) recently signed a Memorandum of Understanding (MOU) with inspections, certification and testing provider TUV Nord Malaysia to launch an advanced software security testing assurance program.
“Under the assurance program, LGMS security assessors will conduct penetration testing and source code review on software applications to ensure that there are no weaknesses or flaws that can be exploited by hackers,” said LGMS executive director and senior IT security consultant Fong Choong Fook after sealing the partnership with TUV Nord Malaysia general manager Bill Kong.
The testing report will then be validated by TUV, following which the software owner will receive a certificate of recognition for the software that it is free from vulnerabilities.
The certificate will be valid for 6 months after issuance, or until the next code change of the software, whichever comes first.
“The security testing assurance program is an important step for companies who are keen to protect themselves against the growing cybersecurity threat posed by hackers,” said Fong.
“These cyber criminals exploit weaknesses or bugs in software applications to wreak havoc, stealing data including financial information, holding data for ransom and even shutting down servers and rendering sites inaccessible via DDoS attacks, etc,” he added.
Quoting the Ponemon’s 2015 Cost of Cyber Crime Study: Global, Kong further said that the estimated annual cost for cybercrime committed globally adds up to US$100 billion.
“It is vital for developers to ensure that their software applications do not leave inadvertently leave them open to exploitation by hackers. Software security assurance can deliver that peace of mind by getting security experts to “attack the software” via extensive source code review and penetration testing to find vulnerabilities,” he said.
According to Fong, regular penetration testing is akin to having a periodic health check – you can spot vulnerabilities at an early stage and fix them before they become a liability.
“Code review is probably the single-most effective technique for identifying security flaws. When used together with automated tools and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort,” he said.
The LGMS-TUV Nord tie-up brings another level of assurance by offering software owners an additional third party validation of the vulnerability test results.
Established in 2005, LGMS has earned a reputation for integrity, value and best practices by providing world-class penetration testing and security assessor services to clients from various industries, locally, regionally and internationally.
TÜV NORD Group is one of the world’s largest inspections, certification and testing organisations. The group provides a broad range of advisory, service, and testing services in the mobility, industrial services, international, natural resources and training and human resources fields.