The Security Aspect of Applications in Kosovo Companies

This paper addresses the security aspects of software applications in the context of several enterprises. It modestly aims to present the security aspect of web applications in Kosovo companies. We first give some theoretical concepts about security in general and security testing in particular. The core of the research addresses the security aspect in companies that develop applications and test them; here we dwell on a case study of different companies in Kosovo. The purpose of this section is to argue the importance of security and its application in various companies.


Introduction
As software applications become more complex and intertwined with a large number of different platforms, they need to be tested. It is therefore extremely important to have a dedicated testing methodology to make sure that the software products developed are fully tested against specific requirements. Software applications may fall prey to various attacks, such as unauthorized access to the application, system hacking, code manipulation through cross-site scripting, SQL injection and many others. Security is therefore a matter that must be taken into account, where the key goal is to check whether the application or product is safe, whether it is easy to hack, whether it meets the appropriate security requirements, and whether it protects application data. All of these will be part of the research, supported by the relevant statistics, which I will obtain from some companies, where the source of information was company employees who completed the questionnaire and enabled me to analyze the following questions accurately: Are safe applications being created? Which security techniques are most effective? Which methods are most applicable to different companies, and how do they function?

Aspects of Security Testing
Nowadays, computer technologies control and manage many aspects of human life. Web applications are no longer used only for publicity or marketing; they are evolving to meet the needs of the entire business. Commercial and online web applications such as shopping malls, bank services, etc. are also sold as products in their own right. This means that online applications have gained the trust of customers and users regarding so-called 'security'. Undoubtedly, the security factor is a key issue, so it is essential to have methods for preventing attacks and for taking protective measures for software applications. Application security is an important issue in Kosovo companies: when an application is developed, it must be ready to resist attacks by hackers and threats such as access by intruders in order to manipulate data, taking the system out of control, etc. Thus, all applications created for public use must be tested; without testing there is no certainty that the application will behave as expected. There are two ways of testing: manual, where a designated person sits down and tests the program in order to find errors, and automated, where the test steps are written as a program and executed automatically whenever needed.

Testing Types
There are two types of testing. Functional testing refers to activities that verify a specific action or function in the code; it tries to answer questions such as "Can the user do this?". Non-functional testing refers to software aspects that may not be related to a specific function or user action, such as security in the present case.
As for testing techniques, they include white-box testing, black-box testing and gray-box testing. In black-box (functional) testing we test the functional requirements and generate tests from the specification, while in white-box (structural) testing we test the internal logic of the program and generate tests from the program. Gray-box is a mix of black-box and white-box. An essential difference between white-box and black-box is that in black-box testing we do not have access to the code, while in white-box testing we do.
The key goal of testing is to confirm that the program is working properly and to detect program defects before the application is brought into use; the essence is to provide stakeholders with information on the quality of the product or service under test. When testing software, we run the program using test data and check the results for errors, anomalies, or information about the non-functional attributes of the program.
Security is a process, not a product. Security testing is essentially a kind of non-functional testing performed to check whether the application or product is secure; it verifies whether the application is vulnerable to attacks, whether someone can penetrate the system or log in to an application without permission (authorization), etc. Security testing should first of all address the non-functional aspects of the software, and not just focus on what the software does or how it does it, but on testing each step of the application; it is a process that determines whether the information system protects the data and preserves the intended functionality. Specifically, security testing is a process for finding weaknesses (vulnerabilities).

The Security Testing Process in Kosovo Companies
As far as security testing is concerned, in many companies in Kosovo this aspect is somewhat neglected, as more importance is given to functionality (whether the application is working properly) than to the security of that application. Recently, however, the interest of companies in security has increased. With the development of online services, web applications are placed on the market and distributed with security risks, so security should be present alongside their functionality. According to the latest analyses, many sites are exposed by hackers, even though web applications are tested every day in qualified industries, including financial services, government, healthcare and commerce. First of all, it is necessary to make a good test plan, which will be able to answer the following questions:
How are tests done? Describes the language and tools used for testing.
Who is responsible for testing? Lists groups or individuals who have written and executed the tests.
When did the tests take place? The test schedule closely follows the development schedule.
What are the tests and how are the results distributed? Tests should be organized so that they can be re-executed on a regular basis.
What is being tested? Measurable achievements with concrete targets tell us when we have achieved success.

Figure 1. The cycle of application
In our country, various companies have been opened in recent years, some of which are under the umbrella of companies from foreign countries. Increased demand for sophisticated applications has also influenced their testing, as an important stage before launching applications, and the ability to modify them. Given the competition, in which each company struggles to be the best and to bring the highest-quality products, special attention should be paid to the security of an application besides its functionality. Therefore, I decided to create a questionnaire to find out how much attention is being paid to the testing process in Kosovo companies. The purpose of this survey was to collect the necessary data, which was essential and helped me in generating realistic results about the current situation: how far security testing is applied in companies and what their future approach will be. The topic addressed in this research has included the programming companies of Kosovo.

Empirical Analyses
The research in question reports on the security aspect of applications. The data presented in this paper are the result of the responses received from 22 respondents who are employees of companies in Kosovo.
The questionnaire, which contains 8 questions, is reported in Table 1. Based on the research that I have made, I have formulated 3 research questions to confirm the purpose of the paper.
Research question 1: How satisfied are you with the quality of the products you develop (Are you sure?)
Research question 2: Are applications tested before launching?
Research question 3: Are the applications' security aspects important?

A) Research question 1.
On a scale of grades 1 through 5, how satisfied are you with the quality of the products you are developing (Are they safe?) Since the quality of the products depends on functionality and on the security factor, the answer to this question tells us how satisfactory the employees consider the products they are creating to be. The reported responses give the following percentages: grade 5 (36%), grade 4 (52%) and grade 3 (12%). Based on the statistics for this question, we can say that the employees are sufficiently satisfied with the achievement of joint team goals.
B) Research question 2. Are the applications tested before launching?
The answer to this question gives us information about whether the employees are familiar with the security aspects, whether they are applied to projects, etc. The responses received are summarized in percentages to give accurate results on the question: is security applied in the company? In Figure 1 the results show that 72% responded positively, 24% responded moderately and 4% responded negatively.
Information on this question is based on questions P1, P3, P4, P6, which provide the relevant information. Regarding whether more attention was paid to functionality or security, the majority of respondents answered that both matter, depending on the type of application being developed, and that the percentages for functional and non-functional were more or less equivalent. Having an adequate room for server deployment is also very important for the security aspect; the majority of respondents replied that their company has a room specifically for this purpose. One thing to note was the involvement of testers in the company: from the responses received, it is established that in almost every company the number of testers was from 1 to 5.

Conclusion
Based on research in Kosovo companies and statistics that have been treated anonymously, I have come to the conclusion that security testing needs to be more involved in our country's companies, and every company needs to increase the number of people involved in testing, as there was a lack of them in the companies. One suggestion on my part would be to keep a special place for hosting servers to which only authorized persons would have access, and I would prefer that information technology security specialists be consulted for any unexpected type of vulnerability. I hope that in the future security testing will be a matter of discussion across all of Kosovo's programming companies, and that there will be improvements regarding the negative phenomena that affect applications, with safeguards taken on this issue.

Figure 2. How satisfied employees are with application security in the company, in percent

Table 1. Questionnaire
Q1. Does the company in which you work focus on functionality or security?
Q2. Which techniques apply to app testing?
Q3. Which types of testing do you mostly use in apps?
Q4. Is there a safe place for servers (server room), to which only authorized persons have access?
Q5. How cautious is the number of servers in the company you work in?
Q6. How many people are involved in testing at the company?
Q7. If you had training, what kinds of tests were there?