Title: Software Security Testing
Software Security Testing
Vinay Srinivasan, srinivasan_vinay_at_yahoo.com, vinay.srinivasan_at_techmahindra.com, cell 91 9823104620
By Vinay Srinivasan (Tech Lead), working at Testing Center of Excellence Laboratory, TechMahindra, Pune
Secure Software
- Confidentiality
  - Disclosure of information to only intended parties
- Integrity
  - Determine whether the information is correct or not
- Data Security
  - Privacy
  - Data Protection
  - Controlled Access
- Authentication
  - Access to Authorized People
- Availability
  - Ready for Use when expected
- Non Repudiation
  - Information Exchange with proof
Software Security
- Security of Operating System
- Security of Client Software
- Security of Application Software
- Security of System Software
- Security of Database Software
- Security of Software Data
- Security of Client Data
- Security of System Data
- Security of Server Software
- Security of Network Software
Why Security Testing
- For Finding Loopholes
- For Zeroing In on Vulnerabilities
- For identifying Design Insecurities
- For identifying Implementation Insecurities
- For identifying Dependency Insecurities and Failures
- For Information Security
- For Process Security
- For Internet Technology Security
- For Communication Security
- For Improving the System
- For confirming Security Policies
- For Organization-wide Software Security
- For Physical Security
Approach to Software Security Testing
- Study of Security Architecture
- Analysis of Security Requirements
- Classifying Security Testing
- Developing Objectives
- Threat Modeling
- Test Planning
- Execution
- Reports
Security Testing Techniques
- OS Hardening
  - Configure and Apply Patches
  - Updating the Operating System
  - Disable or Restrict unwanted Services and Ports
  - Lock Down the Ports
  - Manage the Log Files
  - Install Root Certificate
  - Protect from Internet Misuse and be Cyber Safe
  - Protect from Malware
- Vulnerability Scanning
  - Identify Known Vulnerabilities
  - Scan Intrusively for Unknown Vulnerabilities
Security Testing Techniques (continued)
- Penetration Testing
  - Simulating Attack from a Malicious Source
  - Includes Network Scanning and Vulnerability Scanning
  - Simulates Attack from someone Unfamiliar with the System
  - Simulates Attack by having access to Source Code, Network, Passwords
- Port Scanning and Service Mapping
  - Identification and locating of Open Ports
  - Identification of Running Services
- Firewall Rule Testing
  - Identify Inappropriate or Conflicting Rules
  - Appropriate Placement of Vulnerable Systems behind Firewall
  - Discovering Administrative Backdoors or Tunnels
- SQL Injection
  - Exploits Database Layer Security Vulnerability
  - Unexpected Execution of User Inputs
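The "unexpected execution of user inputs" point above is easiest to see with the two query styles side by side. The following is an added example, not code from the slides: a lookup that pastes input into the SQL text next to the parameterized form, run against a constructed in-memory SQLite table. The table, the rows and the probe string are constructed for the demonstration; the probe contains no real user name, so a correctly written lookup must return nothing for it.

```python
"""Added example (not from the slides): the 'unexpected execution of user
input' defect in a SQL query, beside the parameterized form.
All data below is constructed; sqlite3 in-memory, so it runs offline."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory user table with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Defect: the input is spliced into the SQL text, so a quote character
    in `name` changes the structure of the query the database executes."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Fix: the value travels as a bound parameter and is never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


# A tester's probe: a stray quote followed by a tautology. No user has this
# name, so a correct lookup returns an empty list for it.
PROBE = "x' OR '1'='1"


def compare(probe: str = PROBE) -> dict:
    """Run both lookups against the same probe and report what each returned."""
    conn = make_db()
    return {
        "vulnerable": sorted(lookup_vulnerable(conn, probe)),
        "parameterized": lookup_parameterized(conn, probe),
    }


if __name__ == "__main__":
    # The vulnerable lookup returns every row; the parameterized one returns [].
    print(compare())
```

In a test plan this is the check to automate: the same probe sent through every input that reaches a query, with the expectation that the result set is empty. A non-empty result is the finding.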
Security Testing Techniques (continued)
- Cross Site Scripting
  - Injecting Malicious Client Side Script into Web Pages
  - Persistent, Non-Persistent and DOM based Vulnerabilities
- Parameter Manipulation
  - Cookie Manipulation
  - Form Field Manipulation
  - URL Manipulation
  - HTTP Header Manipulation
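Cookie, form-field and URL manipulation all come down to the server trusting a value the client can edit. The following is an added example, not code from the slides, showing the usual countermeasure a tester should expect to find: values the server hands to the client are signed with an HMAC, so any edited value fails verification and the application falls back to least privilege. The secret key, the `role` parameter and the discount logic are constructed for the demonstration.

```python
"""Added example (not from the slides): making cookie and hidden form-field
values tamper-evident with HMAC-SHA256, so parameter manipulation is
detected server-side. Key, parameter name and business rule are constructed."""
import base64
import hashlib
import hmac

# Constructed server-side secret for the demo; a real deployment loads it
# from a secret store, never from source code.
SECRET_KEY = b"demo-key-not-for-production"


def _tag(value: str, key: bytes) -> str:
    """URL-safe base64 of HMAC-SHA256(key, value), padding stripped."""
    mac = hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode("ascii").rstrip("=")


def sign_value(value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'value.tag'; the tag proves the server issued this exact value."""
    return value + "." + _tag(value, key)


def verify_value(token: str, key: bytes = SECRET_KEY):
    """Return the original value if the tag is valid, else None.
    The tag alphabet never contains '.', so rpartition finds the right split.
    compare_digest keeps the comparison constant-time."""
    value, sep, tag = token.rpartition(".")
    if not sep:
        return None
    if not hmac.compare_digest(_tag(value, key), tag):
        return None
    return value


def apply_discount(role_cookie: str) -> int:
    """Server logic that uses the 'role' parameter only after verification.
    Anything missing or tampered is treated as an anonymous visitor."""
    role = verify_value(role_cookie)
    if role is None:
        return 0
    return 20 if role == "staff" else 5


if __name__ == "__main__":
    issued = sign_value("user")
    print(apply_discount(issued))                                       # 5
    forged = "staff." + issued.rpartition(".")[2]   # value edited, tag kept
    print(apply_discount(forged))                                       # 0
```

The test a practitioner runs is the `forged` case: change the value, keep the tag, and confirm the server refuses it. A server that still honours the edited value has no integrity check on that parameter.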
- Denial of Service Testing
  - Flooding a target machine with enough traffic to make it incapable
- Command Injection
  - Inject and execute commands specified by the attacker
  - Execute System level commands through a Vulnerable Application
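The command-injection item describes an application that builds an operating-system command from user input. The following is an added example, not code from the slides, contrasting a command string assembled from input with the hardened form a tester should look for: an allowlist check on the value plus an argument list passed without a shell. The hostname rule and the `ping` command are assumptions of this example.

```python
"""Added example (not from the slides): running a system command on
user-supplied data without letting the data become part of a shell
command line. The hostname allowlist and the ping command are assumed."""
import re
import subprocess

# Allowlist: hostname labels only (RFC 1123 shape). Nothing a shell parses
# (spaces, ';', '|', '&', '$', quotes) can pass this pattern.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def is_valid_host(host: str) -> bool:
    """True only for a syntactically valid hostname."""
    return bool(_HOST_RE.match(host))


def build_command_vulnerable(host: str) -> str:
    """Defect: the input is spliced into a shell string, so any shell
    metacharacters inside `host` are interpreted by the shell."""
    return "ping -c 1 " + host


def build_command_hardened(host: str) -> list:
    """Fix: validate against the allowlist, then return argv as a list so the
    value is one argument and no shell ever sees it. Rejects anything that
    is not a hostname instead of trying to sanitise it."""
    if not is_valid_host(host):
        raise ValueError("rejected host: " + repr(host))
    return ["ping", "-c", "1", host]


def run_hardened(host: str) -> subprocess.CompletedProcess:
    """shell=False hands argv to the OS directly; no command-line parsing."""
    return subprocess.run(build_command_hardened(host), shell=False,
                          capture_output=True, text=True)


if __name__ == "__main__":
    print(build_command_hardened("example.com"))
    try:
        build_command_hardened("a;b")
    except ValueError as exc:
        print(exc)
```

The useful property for a reviewer is that the hardened path has no string concatenation at all: the value either matches the allowlist and becomes a single argv element, or it is rejected.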
Security Testing Techniques (continued)
- Network Scanning
  - Identifying Active Hosts on a network
  - Collecting IP addresses that can be accessed over the Internet
  - Collecting OS Details, System Architecture and Running Services
  - Collecting Network User and Group names
  - Collecting Routing Tables and SNMP data
- Password Cracking
  - Collecting Passwords from the Stored or Transmitted Data
  - Using Brute Force and Dictionary Attacks
  - Identifying Weak Passwords
- Ethical Hacking
  - Penetration Testing, Intrusion Testing and Red Teaming
- File Integrity Testing
  - Verifying File Integrity against corruption using Checksum
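File integrity testing as described above needs a baseline of checksums and a later comparison against it. The following is an added example, not code from the slides: it records SHA-256 of every file under a directory, then reports modified, missing and unexpected files. The directory tree, file names and contents are constructed in a temporary directory so the script runs offline.

```python
"""Added example (not from the slides): file integrity testing with a
SHA-256 baseline. Files are constructed in a temporary directory."""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file (path relative to root, POSIX form) to its hash."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, baseline: dict) -> dict:
    """Compare the current tree with the baseline and classify every change."""
    current = build_baseline(root)
    return {
        "modified": sorted(f for f in baseline
                           if f in current and current[f] != baseline[f]),
        "missing": sorted(f for f in baseline if f not in current),
        "unexpected": sorted(f for f in current if f not in baseline),
    }


def demo() -> dict:
    """Build a constructed tree, take a baseline, then corrupt, delete and add
    files so all three categories show up in the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.cfg").write_bytes(b"debug=false\n")
        (root / "lib").mkdir()
        original = bytes(range(256))
        (root / "lib" / "core.bin").write_bytes(original)
        baseline = build_baseline(root)

        corrupted = bytearray(original)
        corrupted[10] ^= 0x01                      # single-bit corruption
        (root / "lib" / "core.bin").write_bytes(bytes(corrupted))
        (root / "app.cfg").unlink()                # file removed
        (root / "extra.so").write_bytes(b"\x7fELF")  # file that was never baselined
        return verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline is stored outside the monitored system and signed, otherwise whoever can alter the files can alter the baseline to match. A single flipped bit is enough to change the SHA-256, which is why the checksum family matters: a CRC catches accidental corruption but not deliberate changes.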
Security Testing Techniques (continued)
- War Dialing
  - Using a Modem to dial a list of Telephone Numbers
  - Searching for Computers, Bulletin Board Systems and Fax Machines
- Wireless LAN Testing
  - Searching for existing WLANs and logging Wireless Access Points
- Buffer Overflow Testing
  - Overwriting of Memory fragments of the Process, Buffers of Char type
- Format String Testing
  - Supplying Format type specifiers in the Application input
- Random Data Testing
  - Random Data Inputs by a Program
  - Encoded Random Data included as Parameters
  - Crashing built-in code Assertions
Security Testing Techniques (continued)
- Random Mutation Testing
  - Bit Flipping of known Legitimate Data
  - Byte stream Sliding within known Legitimate Data
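Random Data Testing (the previous slide) and Random Mutation Testing (above) are the two halves of a fuzzer: purely random inputs, and legitimate inputs altered by bit flipping or byte-stream sliding. The following is an added example, not code from the slides, that implements both mutators and a harness, and runs them against a constructed record parser in two versions: one that trusts its length field and one that checks it. The record format, the parser and its defect are constructed for the demonstration; the harness reports any exception that is not the parser's own controlled rejection, which is the Python analogue of a crash or a tripped assertion.

```python
"""Added example (not from the slides): mutation and random-data fuzzing
of a constructed record parser. Format: 2-byte big-endian length, payload,
1-byte checksum (sum of payload mod 256)."""
import random
import struct


class ParseError(ValueError):
    """The only exception a well-behaved parser may raise on bad input."""


def encode(payload: bytes) -> bytes:
    return struct.pack(">H", len(payload)) + payload + bytes([sum(payload) % 256])


def parse_naive(data: bytes) -> bytes:
    """Constructed defect: trusts the length field. Truncated or slid input
    makes the struct calls fail with struct.error, an uncontrolled exception."""
    (n,) = struct.unpack(">H", data[:2])
    payload = data[2:2 + n]
    (chk,) = struct.unpack("B", data[2 + n:3 + n])
    if chk != sum(payload) % 256:
        raise ParseError("checksum mismatch")
    return payload


def parse_checked(data: bytes) -> bytes:
    """Hardened: every read is bounds-checked before it happens."""
    if len(data) < 3:
        raise ParseError("too short")
    (n,) = struct.unpack(">H", data[:2])
    if len(data) != 3 + n:
        raise ParseError("length field does not match data size")
    payload = data[2:2 + n]
    if data[2 + n] != sum(payload) % 256:
        raise ParseError("checksum mismatch")
    return payload


def flip_bits(data: bytes, rng: random.Random, count: int = 1) -> bytes:
    """Bit flipping: toggle `count` random bits of legitimate data."""
    buf = bytearray(data)
    for _ in range(count):
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    return bytes(buf)


def slide_bytes(data: bytes, rng: random.Random) -> bytes:
    """Byte-stream sliding: rotate the stream at a random cut so every field
    lands at the wrong offset while the bytes themselves stay legitimate."""
    cut = rng.randrange(1, len(data))
    return data[cut:] + data[:cut]


def random_bytes(rng: random.Random, max_len: int = 16) -> bytes:
    """Random data testing: arbitrary bytes of arbitrary (short) length."""
    return bytes(rng.randrange(256) for _ in range(rng.randrange(max_len + 1)))


def fuzz(parser, seed: int = 0, rounds: int = 500) -> dict:
    """Feed mutated and random inputs to `parser`; map each uncontrolled
    exception type to the first input that triggered it."""
    rng = random.Random(seed)
    corpus = [encode(b"ok"), encode(b"hello, world"), encode(b"")]
    findings = {}
    for _ in range(rounds):
        base = rng.choice(corpus)
        kind = rng.choice(["flip", "slide", "random"])
        if kind == "flip":
            sample = flip_bits(base, rng, rng.randrange(1, 4))
        elif kind == "slide":
            sample = slide_bytes(base, rng)
        else:
            sample = random_bytes(rng)
        try:
            parser(sample)
        except ParseError:
            pass  # controlled rejection: the intended behaviour
        except Exception as exc:  # anything else is a finding
            findings.setdefault(type(exc).__name__, sample)
    return findings


if __name__ == "__main__":
    print("naive:", fuzz(parse_naive))      # reports struct.error ('error')
    print("checked:", fuzz(parse_checked))  # {}
```

Seeding the generator is what makes a finding reproducible: the same seed replays the same sequence of mutations, so a crash found in a long run can be reduced to the one input that caused it. The checked parser produces no findings not because it accepts everything but because every rejection goes through one deliberate path.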
- Session Hijacking
  - Exploitation of a Valid Computer Session
  - Exploitation of the Web Session control mechanism
  - Gain unauthorized access to the Web Server
- Phishing
  - Masquerading as a trustworthy entity in an electronic communication
  - Acquiring usernames, passwords and credit card details
- URL Manipulation
  - Make a web server Deliver inaccessible web pages
  - URL Rewriting
Security Testing Techniques (continued)
- IP Spoofing
  - Creating Internet Protocol (IP) packets with a forged source IP address
- Packet Sniffing
  - Capture and Analyze all of the Network traffic
- Virtual Private Network Testing
  - Penetration Testing
- Social Engineering
  - Psychological Manipulation of People
  - Divulging confidential information
Conclusion
- Analyze potential Threats and their Impact
- Complete Security Testing may not be Feasible
- Collect Information to Secure the Business Environment
- Should be done as early as possible in the Development Cycle
- Should be able to identify the Security Requirements
- Have a Specific understanding of the Various Processes
- Should provide Recommendations to overcome Weaknesses
Contact Details
- Email
  - vinay.srinivasan_at_techmahindra.com
  - srinivasan_vinay_at_yahoo.com
- Phone
  - 91-20-42250000 Extn 253925 / 253926
  - 91-20-66550000 Extn 253925 / 253926
  - 91-9823104620
- Fax
  - 91-20-42252501
  - 91-20-66552501