Former ethical hacker champions secure coding in Malaysia: exclusive


LGMS March 2017

Photo - (From left) FCS Software Development KL's associate director Tan Ming Aik; and director Moo Chii Der; TÜV Nord Malaysia certification division manager Eva Soo; and LGMS executive director and senior IT security consultant Fong Choong Fook.


  A former ethical hacker turned financial security specialist is now championing secure coding in Malaysia.

In an earlier interview with Computerworld Malaysia, Fong Choong Fook, LGMS executive director and senior IT security consultant, warned of DDoS attacks through smart devices and also pointed out, in another interview, that vulnerabilities, not value, remained attractive targets for attackers.

The situation has not improved, Fong now told me when asked for a general security update as part of Computerworld Malaysia's summit industry insights roundup.

"As technology develops at breakneck speeds today, so too does the need for applications that can make full use of that technology," he said. "Given the pace of such rapid progress, it is very easy for developers to lose sight of security best practices as they struggle to churn out code to match."

"Security has increasingly become a paramount concern as high profile attacks become a pervasive problem that permeates almost every industry across the board. In today's digital world, every company has become vulnerable to data loss, damage to reputation, and hits to the bottom line," Fong said.

He said that to security companies such as LGMS, it has become "strikingly obvious that companies need to build enhanced security into their applications rather than dealing with it in production or after a breach."

Fong said LGMS "takes its role as a security specialist seriously and has been working with the industry to champion secure coding. Establishing an official affiliation with TÜV Nord Malaysia, LGMS introduced the 'Secured Software Assurance Certificate' program in the beginning of August 2016."

What secure coding demands

"Being able to produce secure coding takes more than the efforts of your run-of-the-mill programmer. It takes painstaking training and experience in order to recognize different kinds of security threats and be able to fortify code appropriately," he said.

Fong (pic above) said that the company was pleased to hand out its first Malaysian-company 'Secured Software Assurance Certificate' to FCS Computer Systems recently.

The ceremony was attended by FCS Software Development KL's director Moo Chii Der and associate director Tan Ming Aik, TÜV Nord Malaysia certification division manager Eva Soo together with Fong.

In conjunction with the handover ceremony, the certificate was issued by TÜV Nord Malaysia to endorse FCS for fixing the security vulnerabilities identified by LGMS security assessors during the source code review.

The testing report prepared by LGMS was then validated by TÜV before the certificate was issued, to enforce both decorum and integrity.

Looking into the provision of LGMS' service, source code is a collection of computer instructions written as human-readable text, to be compiled or assembled into an executable computer program.

This collection of instructions would introduce weaknesses or flaws that could be exploited by hackers if written insecurely.

Moving forward

Fong said: "The 'Secure Software Assurance Certificate' shows the commitment and efforts of FCS Computer Systems to ensure that the source code written was based on secure coding practices, and is free from security vulnerabilities before production deployment."

"Moving forward in the eyes of LGMS, they will be pushing the boundaries further by obtaining third party recognition and validation on other professional services offered, such as penetration testing, vulnerability assessment and many more," he added.

The TÜV Nord Group is a global Inspections, Certification & Testing organisation, which provides a broad range of advisory, service, and testing services in the mobility, industrial services, international, natural resources and training and human resources fields.

The first version of this article appeared on Computerworld Malaysia 8 March 2017.