4 April 2024

Regression Testing: Why It’s Crucial for Airtight Cybersecurity (In 2024)

A common misconception we see regarding digital security is that regression testing is an extraneous or unnecessary addition to your cybersecurity efforts. This could not be further from the truth! Even if you have your own internal security team, patching any issues discovered during a penetration test will almost certainly give rise to new issues or vulnerabilities.

Let’s take a look at regression testing as a service: what it does, how it benefits your systems and applications, and how Cyrex ensures your end result is the gold standard in cybersecurity.

What is Regression Testing?

Regression testing is the process where security engineers reinvestigate patched vulnerabilities and issues. We offer it as part of our comprehensive penetration testing package, where our engineers will come in after the client patches and addresses any discovered vulnerabilities.  

When our penetration test is complete, we send over a report of our findings: a detailed list of the vulnerabilities discovered, their level of threat to your system or application, and suggested actions to follow. Once the client has addressed the issues, or perhaps only the critical ones, depending on what we have agreed upon, our team checks the system once more. This is done for a fixed service price based on the scale of the regression test, not the number of tests we end up doing. On average, it usually takes 2–3 iterations, as each patch has the chance to create new vulnerabilities.

The goal of regression testing is to check that the fixes fulfil two criteria:
  1. Firstly, that the patches were effective and are operating as intended. The issues they were created to fix have been resolved and the threat is removed.
  2. Secondly, that the patches have not generated any new issues.
 
This happens all the time. As we say, sometimes you patch a vulnerability and close a door, but another opens down the line. Any human-written code has the potential to be vulnerable; it’s simply a fact of coding.

Why Should I Consider Regression Testing?

There are a few reasons why regression testing is not only the best decision for your operations but also a helpful and valuable exercise to undertake. Let’s review a few of the key reasons why regression testing is useful to you:

Improved & Guaranteed Security

Naturally, the first reason is you are verifying that not only are your vulnerabilities patched but they have been checked once more. You have concrete evidence that the patching was effective and that no new vulnerabilities have occurred. For both you and your end-user, this is a win.

Increased Value & Proof of Security

Once our team have completed their iterations of regression testing, we provide another report of our work and what has been verified. This is a great piece to publish to your end-users, to deliver during sales cycles, and to any other potential clients or online communities. It shows that you take security seriously, that your clients and users are safe, and you have taken the necessary steps to guarantee that safety. This is a fantastic step for client loyalty and reputation in your industry. It brings huge value in the name of security and shows a dedication to a safe digital environment.

Improved Security Maturity

If you have an internal security team, penetration tests and regression tests are fantastic opportunities to improve their security maturity. We frequently notice, with repeat tests, that previous clients’ security teams and developers have improved their security awareness. Developers begin to code with security in mind and the security team grow in their capacity to keep your team safe against growing digital threats. This brings huge value to your operations as your systems will simply become more secure as your team learns and grows with cybersecurity best practices.

Common Misconceptions in Regression Testing

As mentioned before, we often see regression testing reduced to an irrelevant or unneeded level, seen as something not needed for proper security.

However, we also see that the changing nature of vulnerabilities is often overlooked. Patching can have a plethora of unintended consequences, and a vulnerability can jump from harmless to potentially critical if it is left unattended.

Regression Testing with Cyrex

As with all of our services, we’re working for a stable and secure digital space. Our regression testing follows the same style as our penetration tests. We work in pairs or teams to cut down on the time and discovery stages of the process. When it comes to regression tests, we are masters of backtracking and casting a keen eye over the big picture while we ensure each vulnerability has been patched correctly and has not created any unforeseen vulnerabilities.  

Our gold standard of service will ensure that your patching efforts are as successful as possible and you can move forward confidently knowing you are secure.  

If you’d like to utilise our penetration testing and regression testing services, get in touch today! Check out our portfolio of work if you’d like to consider leveraging the gold-standard of cybersecurity and load testing.