Software Security Testing

By Vinay Srinivasan (Tech Lead)
Testing Center of Excellence Laboratory, TechMahindra, Pune
cell: +91 9823104620
Secure Software
- Confidentiality: Disclosure of information to only intended parties
- Integrity: Determine whether the information is correct or not
- Data Security
  - Privacy
  - Data Protection
- Controlled Access
  - Authentication
  - Access to Authorized People
- Availability: Ready for Use when expected
- Non-Repudiation: Information Exchange with proof
Software Security
- Security of Operating System
- Security of Client Software
- Security of Application Software
- Security of System Software
- Security of Database Software
- Security of Software Data
- Security of Client Data
- Security of System Data
- Security of Server Software
- Security of Network Software
Why Security Testing
- For Finding Loopholes
- For Zeroing In on Vulnerabilities
- For identifying Design Insecurities
- For identifying Implementation Insecurities
- For identifying Dependency Insecurities and Failures
- For Information Security
- For Process Security
- For Internet Technology Security
- For Communication Security
- For Improving the System
- For confirming Security Policies
- For Organization-wide Software Security
- For Physical Security
Approach to Software Security Testing
1. Study of Security Architecture
2. Analysis of Security Requirements
3. Classifying Security Testing
4. Developing Objectives
5. Threat Modeling
6. Test Planning
7. Execution
8. Reports
Security Testing Techniques
- OS Hardening
  - Configure and Apply Patches
  - Updating the Operating System
  - Disable or Restrict unwanted Services and Ports
  - Lock Down the Ports
  - Manage the Log Files
  - Install Root Certificate
  - Protect from Internet Misuse and be Cyber Safe
  - Protect from Malware
- Vulnerability Scanning
  - Identify Known Vulnerabilities
  - Scan Intrusively for Unknown Vulnerabilities
- Penetration Testing
  - Simulating an Attack from a Malicious Source
  - Includes Network Scanning and Vulnerability Scanning
  - Simulates an Attack from someone Unfamiliar with the System
  - Simulates an Attack by someone having access to Source Code, Network, Passwords
- Port Scanning and Service Mapping
  - Identification and Locating of Open Ports
  - Identification of Running Services
- Firewall Rule Testing
  - Identify Inappropriate or Conflicting Rules
  - Appropriate Placement of Vulnerable Systems behind the Firewall
  - Discovering Administrative Backdoors or Tunnels
- SQL Injection
  - Exploits a Database Layer Security Vulnerability
  - Unexpected Execution of User Inputs
- Cross-Site Scripting
  - Injecting Malicious Client-Side Script into Web Pages
  - Persistent, Non-Persistent and DOM-based Vulnerabilities
- Parameter Manipulation
  - Cookie Manipulation
  - Form Field Manipulation
  - URL Manipulation
  - HTTP Header Manipulation
- Denial of Service Testing
  - Flooding a target machine with enough traffic to make it unresponsive
- Command Injection
  - Inject and execute commands specified by the attacker
  - Execute System-level commands through a Vulnerable Application
- Network Scanning
  - Identifying Active Hosts on a network
  - Collecting IP addresses that can be accessed over the Internet
  - Collecting OS Details, System Architecture and Running Services
  - Collecting Network User and Group names
  - Collecting Routing Tables and SNMP data
- Password Cracking
  - Collecting Passwords from Stored or Transmitted Data
  - Using Brute Force and Dictionary Attacks
  - Identifying Weak Passwords
- Ethical Hacking
  - Penetration Testing, Intrusion Testing and Red Teaming
- File Integrity Testing
  - Verifying File Integrity against corruption using a Checksum
- War Dialing
  - Using a Modem to dial a list of Telephone Numbers
  - Searching for Computers, Bulletin Board Systems and Fax Machines
- Wireless LAN Testing
  - Searching for existing WLANs and logging Wireless Access Points
- Buffer Overflow Testing
  - Overwriting Memory fragments of the Process, Buffers of Char type
- Format String Testing
  - Supplying Format type specifiers in the Application input
- Random Data Testing
  - Random Data Inputs generated by a Program
  - Encoded Random Data included as Parameters
  - Crashing built-in code Assertions
- Random Mutation Testing
  - Bit Flipping of known Legitimate Data
  - Byte-stream Sliding within known Legitimate Data
- Session Hijacking
  - Exploitation of a Valid Computer Session
  - Exploitation of the Web Session control mechanism
  - Gaining unauthorized access to the Web Server
- Phishing
  - Masquerading as a trustworthy entity in an electronic communication
  - Acquiring usernames, passwords and credit card details
- URL Manipulation
  - Making a web server deliver web pages that should be inaccessible
  - URL Rewriting
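As an added example, not part of the deck, the following Python script implements the two Random Mutation Testing operations listed above (bit flipping and byte-stream sliding of known legitimate data) and runs the mutants against a toy parser, counting the cases that trip its built-in assertions, the outcome Random Data Testing looks for. The length-prefixed record format, the parser and the seed input are assumptions made for illustration.

```python
import random

# Constructed "known legitimate" input: a 2-byte big-endian length followed by
# the payload. This format exists only for this example.
LEGIT = b"\x00\x05hello"


def parse_record(data: bytes) -> bytes:
    """Toy parser under test. Its assertions are the crash oracle."""
    assert len(data) >= 2, "header truncated"
    length = int.from_bytes(data[:2], "big")
    payload = data[2:2 + length]
    assert len(payload) == length, "declared length exceeds available payload"
    return payload


def bit_flip(data: bytes, rng: random.Random, flips: int = 1) -> bytes:
    """Mutation 1: flip `flips` randomly chosen bits of the legitimate data."""
    buf = bytearray(data)
    for _ in range(flips):
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    return bytes(buf)


def byte_slide(data: bytes, offset: int) -> bytes:
    """Mutation 2: rotate the byte stream by `offset`, so every field lands at
    the wrong position while the byte values stay those of legitimate data."""
    offset %= len(data)
    return data[offset:] + data[:offset]


def fuzz(parser, seed_input: bytes, rounds: int, seed: int = 0) -> dict:
    """Run every slide offset plus `rounds` bit-flip mutants through `parser`
    and classify each result: parsed, assertion tripped, or other exception."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    outcome = {"ok": 0, "assertion": 0, "other": 0, "crashers": []}
    cases = [byte_slide(seed_input, k) for k in range(1, len(seed_input))]
    cases += [bit_flip(seed_input, rng) for _ in range(rounds)]
    for case in cases:
        try:
            parser(case)
            outcome["ok"] += 1
        except AssertionError as exc:
            outcome["assertion"] += 1
            outcome["crashers"].append((case, str(exc)))
        except Exception as exc:  # anything else the parser did not anticipate
            outcome["other"] += 1
            outcome["crashers"].append((case, repr(exc)))
    return outcome
```

Each entry in `crashers` is a reproducer: the exact mutated input and the assertion it tripped, which is what a tester hands back to development.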
- IP Spoofing
  - Creating Internet Protocol (IP) packets with a forged source IP address
- Packet Sniffing
  - Capture and Analyze all of the Network traffic
- Virtual Private Network Testing
  - Penetration Testing
- Social Engineering
  - Psychological Manipulation of People
  - Divulging confidential information
Conclusion
- Analyze potential Threats and their Impact
- Complete Security Testing may not be Feasible
- Collect Information to Secure the Business Environment
- Should be done as early as possible in the Development Cycle
- Should be able to identify the Security Requirements
- Have a Specific understanding of the Various Processes
- Should provide Recommendations to overcome Weaknesses
Thank You
Contact Details
- Phone: +91-20-42250000 Extn: 253925 / 253926
- Phone: +91-20-66550000 Extn: 253925 / 253926
- Mobile: +91-9823104620
- Fax: +91-20-42252501
- Fax: +91-20-66552501