Raina Chen

Security Consultant, Application Security

Raina Chen is a security consultant for Optiv’s application security team. In this role she delivers a variety of service offerings, including web application assessments and web service assessments.

Observations on Smoke Tests – Part 3

· By Raina Chen ·

While attending one of our technology partner’s security training courses, the instructor presented on their product’s various features and capabilities. Some of the discussion centered around application and vulnerability management. As a consultant who mainly focuses on security testing, these features seemed rather useless to me. The importance of application vulnerability management was not revealed until I gained career experience with larger, global enterprise clients.

Observations on Smoke Tests – Part 2

· By Raina Chen ·

There are a variety of scanning tools in the market today, from commercial to open source. Some are intended only for identifying a particular vulnerability or class of vulnerabilities, such as weak encryption settings for SSL/TLS. Other scanners are designed for comprehensive, deep-dive web application assessments or for ongoing application vulnerability management. Most commercial application scanners can be divided into two categories according to the environment from which they execute: cloud-based and desktop-based. Both have pros and cons.

Observations on Smoke Tests – Part 1

· By Raina Chen ·

Smoke testing in the traditional definition is most often used to assess the functionality of key software features to determine if they work or perform as intended. In the context of application security, smoke testing is leveraged in a slightly different way, to quickly evaluate the security of web applications. More specifically, Optiv performs smoke tests to reveal common security issues within applications and their respective environments. To do that, we first scan the application and its environment, then manually validate any issues identified by the scanner.
