“What if…?” Testing
Often projects are behind on schedule and features with little to no time to experiment with designs. If it takes several days/weeks to build an environment, there is no incentive to try other options, like “Will increasing encryption levels affect performance?” or “Will this open source database perform as well as the commercial product?”
By working from a system design in the library, CONS3RT users can quickly change system design parameters, configuration or components, re-launch and retest to get “apples to apples” data for comparison. And if schedule to build/test overnight or on the weekends, the cost is very, very low.
Rapidly re-validate compliance as changes to baseline (version, bug fix, vulnerability patches) occur. Standing up an environment that faithfully reproduces what is in the field in order to do a re-scan can take lots of time.
Performing security validation inside CONS3RT along the way means when a change comes along it is a quick process to re-run existing test cases, leveraging both the tools in the library (manual) and tools as services (automated). Typical edits to a system design and relaunch can be done in minutes. In fact, by having the security tests already in the library, testing can be done during the development and debug phase, rather than as an afterthought.
Often enterprise testing falls into the “can’t see the forest for the trees” trap. To much emphasis (and blame) is place on the underlying infrastructure and stack because there is uncertainty and unknowns. Focus ends up on the network and the memory but should be at the top layers of the stack, what affects users and how.
Systems built from a managed library ensure variability has been removed from the equation. Even the most complex set-up can be captured and reproduced faithfully, allowing testing to focus on the application and its requirements. Multiple deployments of the same configuration enable broader testing to mimic the enterprise.
Test & Security Tool Resources
Organizations have limited budgets for test & security tools. The bigger the project, the more expensive the tools, further reducing the coverage. The group can’t buy all the tools it needs to validate all of their functional, performance, and security targets. What’s more, the team is unlikely to use the tool more than 10% of the time as they wait for resources.
Being part of the community allows for greater pooling of resources, including test tools. Some resources are provided at the site level, others are shared by members. Chances are, a tool you need for a test or security scan is available in our library.