Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Malaysian financial security firm in tieup with German software specialist

AvantiKumar | Sept. 6, 2016
To better detect hacking attempts, a local financial services security consultancy will perform certification-linked penetration testing.


Photo - LGMS executive director and senior IT security consultant Fong Choong Fook (left) after sealing the partnership with TÜV Nord Malaysia general manager Bill Kong.


A Malaysian financial services cybersecurity firm has recently signed a memorandum of understanding (MOU) with German technical services, certification and testing provider TÜV Nord to launch an advanced software security testing assurance program.

"Under the assurance program, LGMS security assessors will conduct penetration testing and source code review on software applications to ensure that there are no weaknesses or flaws that can be exploited by hackers," said ethical hacker and security consultant Fong Choong Fook, who is also executive director of LE Global Services (LGMS), which signed the deal with TÜV Nord Malaysia.

"These cyber criminals exploit weaknesses or bugs in software applications to wreak havoc, stealing data including financial information, holding data for ransom and even shutting down servers and rendering sites inaccessible via DDoS attacks, etc.," Fong said.

According to Fong, regular penetration testing is similar to a periodic health check. Vulnerabilities can be detected at an early stage before they become a liability.

"Code review is probably the single-most effective technique for identifying security flaws. When used together with automated tools and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort," he said.

Test reports

"The testing report will then be validated by TÜV, following which the software owner will receive a certificate of recognition for the software that it is free from vulnerabilities," said Fong.

The certificate will be valid for 6 months after issuance, or until the next code change of the software, whichever comes first, he said.

"The security testing assurance program is an important step for companies who are keen to protect themselves against the growing cybersecurity threat posed by hackers," said Fong.

TÜV Nord Malaysia general manager Bill Kong said Ponemon's 2015 Cost of Cyber Crime Study: Global, Kong further noted that the estimated annual cost for cybercrime committed globally adds up to US$100 billion.

"It is vital for developers to ensure that their software applications do not leave inadvertently leave them open to exploitation by hackers. Software security assurance can deliver that peace of mind by getting security experts to "attack the software" via extensive source code review and penetration testing to find vulnerabilities," he said.

Founded in 1869 and headquartered in Hanover, Germany, inspections, certification and testing organisation TÜV NORD Group provides a broad range of advisory, service, and testing services in the mobility, industrial services, international, natural resources and training and human resources fields.


Sign up for CIO Asia eNewsletters.