They neglected testing and demanded fluidity. Here are a few examples of defective applications and the dangers they faced.
It seems that software testing is the foundation of any firm that seriously approaches its business. Unfortunately, there are still situations where project partners skip the testing stage. The consequences of their decision become clear mostly after their software makes its public debut, and we promise those are not pleasant moments.
One of the bloodiest victims to emerge from a lack of testing in the gaming world is “Assassin’s Creed Unity”. The Assassin’s Creed series is a pearl among items published by Ubisoft – a legendary company in the industry.
In the case of this game, the lack of proper testing was obvious: just after release, it became clear that the game was practically impossible to play. Internet forums blew up with feedback from frustrated fans, and programmers hastily wrote patches to try and combat the errors.
The game ended up with a series of patches, official apologies and a free game from the Ubisoft directory for every affected player. Because of this, whatever Ubisoft had saved by not testing went out the window. The only thing that saved Ubisoft in this case was the fast reaction of their developers and their strong market position.
One of the most recent examples involving a failure to properly test a payment gateway occurred on November 3, 2017. The errors occurred on a Polish payment site called Przelewy24.pl. There was a series of critical errors that allowed unauthorized access to the database, which enabled some users to make purchases without actually paying for them.
The problem proved to be so large that the operator ran an email campaign targeted at their clients that urged them to disable plug-ins until the appropriate fixes were made. Financial losses, including the sale of goods without payment, are just some of the potential risks that shop owners are exposed to.
In theory, this type of software should be tested to the highest degree and be protected in many different ways. The SSL/TLS certificate is currently an industry standard, and the lack of it seems to be an explicit request for trouble. Owners of e-commerce systems should also ensure that they regularly back up their pages and store them on secure servers, as well as encrypt personal data, in particular passwords.
Program errors that fail to store or protect your files can be very expensive and in the worst case scenario they can ruin the reputation of a particular brand. Testing these basic security measures should be standard in any industry. However, sometimes companies choose to ignore these basic ideas. This was the case with an undisclosed clothing company that ended up having to clean up a huge leak of their customers’ data.
This leak included the following customer information:
First and last names
Mishandling of this type of information seems to happen too often, and even large, reputable companies slip up and expose their customers’ sensitive data. A recent example of this is the American phone company Verizon, which mishandled the information of more than 14 million subscribers.
An even greater risk may be the mishandling of credit card data. Let’s take a look at FuturePets.com’s “zoo”. This is a blatant example of negligence and ignorance, because the store did not have any encryption algorithms and the data was all stored on an unsecured server. The effect? Every single bit of information was disclosed, including over 110,000 credit card numbers saved on their online store.
Testing = Safety
Practice shows that neglecting tests results in serious problems over time (usually a short amount of time). The cost of eliminating errors after the fact is much higher because the work is often done in a hurry and usually requires that programmers work a considerable amount of overtime. There are also the associated costs: press releases, compensation packages and the risk of losing a company’s reputation. Rebuilding a reputation is an extremely difficult and often impossible task.
Never underestimate the power of the test phase. It is important to ensure that staff are properly trained or to have testing specialists on stand-by. Testing cannot be limited to validating applications, but should also cover potential security issues. If hackers simply look at the code to find weaknesses, code rewriting should remain in the test culture of every company that respects itself and its customers.