Software Security Testing

1
Software Security Testing
Vinay Srinivasan srinivasan_vinay_at_yahoo.com vinay.
srinivasan_at_techmahindra.com cell 91
9823104620
2
By Vinay Srinivasan (Tech Lead) Working
At Testing Center of Excellence
Laboratory, TechMahindra, Pune
3
Secure Software

• Confidentiality
• Disclosure of information to only intended
  parties
• Integrity
• Determine whether the information is correct or
  not
• Data Security
• Privacy
• Data Protection
• Controlled Access
• Authentication
• Access to Authorized People
• Availability
• Ready for Use when expected
• Non Repudiation
• Information Exchange with proof

4
Software Security

• Security of Operating System
• Security of Client Software
• Security of Application Software
• Security of System Software
• Security of Database Software
• Security of Software Data
• Security of Client Data
• Security of System Data
• Security of Server Software
• Security of Network Software

5
Why Security Testing

• For Finding Loopholes
• For Zeroing IN on Vulnerabilities
• For identifying Design Insecurities
• For identifying Implementation Insecurities
• For identifying Dependency Insecurities and
  Failures
• For Information Security
• For Process Security
• For Internet Technology Security
• For Communication Security
• For Improving the System
• For confirming Security Policies
• For Organization wide Software Security
• For Physical Security

6
Approach to Software Security Testing

• Study of Security Architecture
• Analysis of Security Requirements
• Classifying Security Testing
• Developing Objectives
• Threat Modeling
• Test Planning
• Execution
• Reports

7
Security Testing Techniques

• OS Hardening
• Configure and Apply Patches
• Updating the Operating System
• Disable or Restrict unwanted Services and Ports
• Lock Down the Ports
• Manage the Log Files
• Install Root Certificate
• Protect from Internet Misuse and be Cyber Safe
• Protect from Malware
• Vulnerability Scanning
• Identify Known Vulnerabilities
• Scan Intrusively for Unknown Vulnerabilities

8
Security Testing Techniques (continued)

• Penetration Testing
• Simulating Attack from a Malicious Source
• Includes Network Scanning and Vulnerability
  Scanning
• Simulates Attack from someone Unfamiliar with the
  System
• Simulates Attack by having access to Source Code,
  Network, Passwords
• Port Scanning and Service Mapping
• Identification and locating of Open Ports
• Identification of Running Services
• Firewall Rule Testing
• Identify Inappropriate or Conflicting Rules
• Appropriate Placement of Vulnerable Systems
  behind Firewall
• Discovering Administrative Backdoors or Tunnels
• SQL Injection
• Exploits Database Layer Security Vulnerability
• Unexpected Execution of User Inputs

9
Security Testing Techniques (continued)

• Cross Side Scripting
• Injecting Malicious Client Side Script into Web
  Pages
• Persistent, Non-Persistent and DOM based
  Vulnerabilities
• Parameter Manipulation
• Cookie Manipulation
• Form Field Manipulation
• URL Manipulation
• HTTP Header Manipulation
• Denial of Service Testing
• Flooding a target machine with enough traffic to
  make it incapable
• Command Injection
• Inject and execute commands specified by the
  attacker
• Execute System level commands through a
  Vulnerable Application

10
Security Testing Techniques (continued)

• Network Scanning
• Identifying Active Hosts on a network
• Collecting IP addresses that can be accessed over
  the Internet
• Collecting OS Details, System Architecture and
  Running Services
• Collecting Network User and Group names
• Collecting Routing Tables and SNMP data
• Password Cracking
• Collecting Passwords from the Stored or
  Transmitted Data
• Using Brute Force and Dictionary Attacks
• Identifying Weak Passwords
• Ethical Hacking
• Penetration Testing, Intrusion Testing and Red
  Teaming
• File Integrity Testing
• Verifying File Integrity against corruption using
  Checksum

11
Security Testing Techniques (continued)

• War Dialing
• Using a Modem to dial a list of Telephone Numbers
• Searching for Computers, Bulletin Board System
  and Fax Machines
• Wireless LAN Testing
• Searching for existing WLAN and logging Wireless
  Access Points
• Buffer Overflow Testing
• Overwriting of Memory fragments of the Process,
  Buffers of Char type
• Format String Testing
• Supplying Format type specifiers in the
  Application input
• Random Data Testing
• Random Data Inputs by a Program
• Encoded Random Data included as Parameters
• Crashing built-in code Assertions

12
Security Testing Techniques (continued)

• Random Mutation Testing
• Bit Flipping of known Legitimate Data
• Byte stream Sliding within known Legitimate Data
• Session Hijacking
• Exploitation of Valid Computer Session
• Exploitation of the Web Session control mechanism
• Gain unauthorized access to the Web Server
• Phishing
• Masquerading as a trustworthy entity in an
  electronic communication
• Acquiring usernames, passwords and credit card
  details
• URL Manipulation
• Make a web server Deliver inaccessible web pages
• URL Rewriting

13
Security Testing Techniques (continued)

• IP Spoofing
• Creating Internet Protocol (IP) packets with a
  forged source IP address
• Packet Sniffing
• Capture and Analyze all of the Network traffic
• Virtual Private Network Testing
• Penetration Testing
• Social Engineering
• Psychological Manipulation of People
• Divulging confidential information

14
Conclusion

• Analyze potential Threat and its Impact
• Complete Security Testing may not be Feasible
• Collect Information to Secure Business
  Environment
• Should be done as early as possible in the Dev..
  Cycle
• Should be able to identify the Security
  Requirements
• Have Specific understanding of the Various
  Processes
• Should provide Recommendations to overcome
  Weakness

15

• Thank You

16
Contact Details

• Email
• vinay.srinivasan_at_techmahindra.com
• srinivasan_vinay_at_yahoo.com
• Phone
• 91-20-42250000 Extn 253925 / 253926
• 91-20-66550000 Extn 253925 / 253926
• 91-9823104620
• Fax
• 91-20-42252501
• 91-20-66552501