A World of Good (Standards): The Globalization of Security Testing

Surely and not-so-slowly, the concept of "internationality" is disappearing — at least in terms of the free exchange of information — and the tiny, expensive devices in our pockets and purses are leading the charge.

For end users, the benefits of global information access are as obvious as they are numerous, especially thanks to apps such as Word Lens that can make you feel at home almost anywhere. But for developers facing international audiences for the first time, globalization brings a whole set of problems packed into a single, powerful word: standards.

This is especially true where application security testing is concerned. While every mobile platform is built with some degree of localization for the international markets it's used in, the nuts and bolts are largely the same. And that's only one compelling argument for global standardization of application security practices.

Different Countries, Different Needs, Different Practices

None of this is to say all mobile software needs a homogenized approach. Country-specific software often takes on the traits of its developers' culture. Anyone who's seen an interface designed for use in Germany, for instance, will tell you software on that side of the Atlantic tends to offer users a lot more options, often to the detriment of overall ease of use.

But security testing standards are different, especially when an app is designed for an international audience. Web- and mobile-app users everywhere might have varied needs and expectations when it comes to security and privacy, but they all have them. And though communication is usually the first line of defense here, the language gap can sabotage attempts at international security outreach. Though the math that runs our favorite mobile apps is universal enough, the language needed to apply it effectively is anything but.

To put all this another way, there's a difference between theory and practice. Even if international companies want to get on board with uniform security testing standards, there's still a big challenge: How?

Bridging the International Gap

The answer? Plenty of automation, for starters, and expert input when human intervention is required.

Agile accounts for a lot of the software being developed today, and automation is already a huge part of that process. Applying it to an international security testing standard just makes sense: The more aspects of your security management you can automate, the less time you'll spend trying to bridge those aforementioned gaps.

Think about it. Unlike people, automated processes don't need to spend time explaining the newest, most bleeding-edge concepts in security testing. Done properly, a single group of people in a centralized location can implement them anywhere. Behaviors can be analyzed, strings of code can be tested, and security standards can be enforced consistently across the globe, leaving little room for the language barrier (or lack of information, or any number of other security-related problems) to get in the way.

In a mobile-app scene where multibillion-dollar corporations and two-person garage groups work shoulder-to-shoulder in the same industry, this also democratizes security from a finance perspective. When all apps share the same focus on keeping end users and their data safe, every company has the opportunity to release safe software.

The second leg of our proposed solution is a preventative — as opposed to a prescriptive or reactive — outlook on security testing, administered by experts in the field. The same benefits of centralized knowledge apply regardless of language. Automation can take the sting out of a lot of the more common security issues by providing a consistent set of practices and procedures, but when exceptions arise, who better to deal with them at the international level than people who have dedicated their careers to security?

A Globalized Security Focus

As the old saying goes, "The world keeps getting smaller every day." When companies the world over approach app security with the same mindsets and standards, the "wall" protecting their end users only becomes stronger. That creates a healthier market for everyone — which is a good thing, no matter what language you speak.

Photo Source: Wikimedia Commons

About Evan Wade

Evan Wade is a professional freelance writer, author, and editor from Indianapolis. His time as a sales consultant with AT&T, combined with his current work as a tech reporter, gives him unique insight into the world of mobile/Web security and the steps needed to properly secure software products. Follow him on Twitter.
