Software Security Testing is Important, Different and Difficult
Review by Rayna Burgess

Overview
COMP 587 SW V&V, Dr. Lingard | Security Testing Review – Rayna Burgess
• The Paper Selection
• Security Testing is Important (Relevant)
• Security Testing is Different from Functional Testing
• Security Testing is Difficult
• Security Engineer’s Tasks
• Analyzing Security Risks
• Types of Security Testing
• Case Study: Java Card
• Conclusion
The Paper: Software Security Testing
• Gary McGraw, PhD, CTO of Cigital, Inc.
• One of the “Building Security In” series of articles in IEEE Security & Privacy

Security Testing is Important

Security Testing is Different
• Malicious attacker: an intelligent adversary, not random failure
• Vulnerabilities are actively sought out and exploited
Aaah! So many vulnerability lists!

McGraw’s Vulnerability Taxonomy

Vulnerability Name Dropping
• gets(): unbounded read into a fixed-size buffer (buffer overflow; exploited by the Morris Worm via fingerd)
• Race condition (time of check to time of use, TOCTOU)
• Insecure failure (failing open instead of failing closed)
• Transitive trust
• Trampoline
• Zero-day exploits

SQL Injection Vulnerability
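The slide names the vulnerability but shows no code, so here is the bug in the smallest form that still runs, as an added example that is not from the paper or this presentation: a login check that splices user input into its SQL, beside the parameterized fix. The in-memory SQLite table, its two rows and the attack string are all constructed for the demo. Note the point that ties back to the “different from functional testing” theme: valid credentials log in on both versions, so a functional test cannot tell them apart; only the hostile input does.

```python
"""SQL injection: a string-built login query beside its parameterized fix.

Added example; not code from the reviewed paper or the presentation.
The in-memory SQLite table and its rows are constructed for the demo.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Throwaway in-memory user table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret'), ('bob', 'hunter2')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """The bug: untrusted input becomes part of the SQL text, so it can change
    the query's structure rather than only supplying data."""
    query = (
        "SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
        % (name, password)
    )
    (count,) = conn.execute(query).fetchone()
    return count > 0


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """The fix: bind values as parameters. The query structure is fixed before
    any user input is seen; the driver passes the values purely as data."""
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    (count,) = conn.execute(query, (name, password)).fetchone()
    return count > 0


# Attack input: closes the name literal, then '--' comments out the password
# check, leaving  ... WHERE name = 'alice' --' AND password = '...'
INJECTION_NAME = "alice' --"


def run_demo() -> dict:
    """Functional check (valid credentials) passes on both implementations;
    the security check (hostile input) passes only on the parameterized one."""
    conn = make_db()
    return {
        "valid_creds_vulnerable": login_vulnerable(conn, "alice", "s3cret"),
        "valid_creds_safe": login_safe(conn, "alice", "s3cret"),
        "injected_vulnerable": login_vulnerable(conn, INJECTION_NAME, "wrong"),
        "injected_safe": login_safe(conn, INJECTION_NAME, "wrong"),
    }


if __name__ == "__main__":
    for check, logged_in in run_demo().items():
        print(f"{check:24s} logged_in={logged_in}")
```

The vulnerable version returns True for the injected name with a wrong password; the parameterized version looks for a user literally named `alice' --`, finds none, and returns False.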
SW Security Engineer’s Tasks

Analyzing Security Risks
• Think like an attacker
• A vulnerability in the weakest link can expose the whole system
• Requires expertise
• Can practice/learn on deliberately vulnerable applications:
  • WebGoat
  • DVWA
  • Hacme Bank

Types of Security Testing
• Functional security testing (does the security functionality work as specified?)
• Risk-based security testing (hostile attacks driven by the risk analysis)
• Black box / white box
• Static / dynamic

Static Security Analysis
• Risk analysis of design and architecture
• Static security analysis tools
  • Work on source code or byte code
  • Good at finding known bad patterns
  • Numerous false positives; results need human triage
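To make the last two bullets concrete, here is a deliberately minimal pattern-based checker, added as an example and not a tool from the paper or this presentation. It scans a constructed C snippet for calls such as gets() and strcpy(): the known bad patterns are found reliably, but so are a call mentioned in a comment, one inside a string literal, and a strcpy() whose length is checked on the line above. Stripping comments and strings removes the first two classes of false positive; the guarded strcpy() still needs a human (or real data-flow analysis) to dismiss.

```python
"""A minimal pattern-based static checker for C source.

Added example, not a tool from the paper or the presentation. It shows both
properties on the slide: known bad patterns are found reliably, and code that
is not actually dangerous gets flagged too. The C snippet is constructed here.
"""
import re
from typing import Dict, List

# Calls that are unsafe, or unsafe without a length bound, in C.
RISKY_CALLS: Dict[str, str] = {
    "gets": "unbounded read into a buffer; there is no safe way to call it",
    "strcpy": "copy with no length bound; bound it or check the length first",
    "sprintf": "formats into a buffer with no length bound; prefer snprintf",
}

# Word boundary so that e.g. 'forgets(' or 'my_strcpy(' do not match.
_CALL_RE = re.compile(r"\b(" + "|".join(RISKY_CALLS) + r")\s*\(")
_STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')     # C string literal
_BLOCK_COMMENT_RE = re.compile(r"/\*.*?\*/")       # /* ... */ within one line
_LINE_COMMENT_RE = re.compile(r"//.*$")

# Constructed sample. TP = true positive, FP = false positive.
SAMPLE_C = """\
#include <stdio.h>
#include <string.h>
/* old code used gets(buf) here; replaced long ago */
static void greet(const char *who) {
    char buf[64];
    gets(buf);                       /* TP: genuinely unbounded read */
    strcpy(buf, who);                /* TP: strlen(who) may exceed 64 */
    if (strlen(who) < sizeof buf) {
        strcpy(buf, who);            /* FP: length is checked on line 8 */
    }
    puts("call gets(x) in a string literal");       /* FP */
    snprintf(buf, sizeof buf, "%s", who);  /* fine: bounded, not matched */
}
"""


def strip_noise(line: str) -> str:
    """Blank out string literals and comments so the pattern only sees code.
    Kept simple on purpose: block comments spanning several lines are not
    handled, which a real tool's lexer would do."""
    line = _STRING_RE.sub('""', line)
    line = _BLOCK_COMMENT_RE.sub("", line)
    return _LINE_COMMENT_RE.sub("", line)


def scan(source: str, strip: bool = True) -> List[Dict[str, object]]:
    """One finding per risky call: line number, call name and reason."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        text = strip_noise(line) if strip else line
        for m in _CALL_RE.finditer(text):
            name = m.group(1)
            findings.append({"line": lineno, "call": name, "why": RISKY_CALLS[name]})
    return findings


def lines_flagged(source: str, strip: bool) -> List[int]:
    """Just the line numbers, for comparing the naive and stripped scans."""
    return [int(f["line"]) for f in scan(source, strip=strip)]


if __name__ == "__main__":
    print("naive   :", lines_flagged(SAMPLE_C, strip=False))  # comments and strings too
    print("stripped:", lines_flagged(SAMPLE_C, strip=True))   # line 9 still needs a human
```

The naive scan flags five lines, three of them real. Stripping comments and strings leaves three findings, and one of those (the guarded copy) is still a false positive: the regex cannot see the length check, which is exactly why a human has to triage tool output.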
Penetration Testing
• Performed on a running system
• Can be used on COTS software too (no source code needed)
• Penetration testing tools
  • Network and OS vulnerability scanners: Nmap, Nessus
  • Wireless: Aircrack-ng
  • Automated penetration testing tools: Metasploit, Core Impact, Canvas
  • Other useful tools: fuzzing tools, WebScarab
• Quality of pen testing depends on the human!

Case Study: Java Card
• Operating system for smart cards
• Related platform specifications: GlobalPlatform (card management), Java Card, MULTOS
• Used on bank cards (also SIMs, ID cards, medical cards)
• Two types of testing
  • Functional security design tests
  • Risk-based attack tests

Functional Security Testing
• Tests the security functionality as specified
  • Crypto
  • Commands
• Compliance testing (GALITT, 3/2011)
• All cards passed!

Risk-Based Security Testing (Attacks)
• Hostile attacks, based on the risk assessment
• All cards failed some part of this testing!
• Analysis of the Java Card design
  • Identify atomic transaction processing as the area of interest
  • Consequence of a flaw is “printing money” (very high risk)
• Put on the black hat, don’t follow the rules:
  • Abort, fail to commit, fill buffers, nest transactions
• Exposes vulnerabilities before cards are issued to the public
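The contrast between the functional tests (all cards passed) and the attack tests (all cards failed something) on the two slides above, as an added example that is not code from the paper, the presentation, or any card that was tested. The Purse model and its BuggyPurse variant are constructed here; the rules the model enforces are the ones the Java Card transaction API documents for JCSystem.beginTransaction/commitTransaction/abortTransaction (no nested transactions, no commit or abort outside one, a finite commit buffer, rollback of uncommitted writes after a power loss). The hostile tests are the list from the slide: abort, fail to commit, fill buffers, nest transactions.

```python
"""Functional versus risk-based (attack) tests of an atomic-transaction model.

Added example; not code from the paper, the presentation, or any tested card.
Purse and BuggyPurse are constructed here; the rules mirror the Java Card
transaction API (begin/commit/abort, no nesting, finite commit buffer,
rollback of uncommitted writes when power is lost, i.e. a 'card tear').
"""
from typing import Dict, List, Optional


class TransactionError(Exception):
    """Stand-in for javacard.framework.TransactionException."""


class Purse:
    """A persistent balance plus a bounded commit buffer of pre-write values."""

    def __init__(self, balance: int = 100, capacity: int = 2) -> None:
        self.balance = balance                  # persistent ('EEPROM') state
        self.capacity = capacity                # max logged writes per transaction
        self._log: Optional[List[int]] = None   # old values while in a transaction

    def begin(self) -> None:
        if self._log is not None:
            raise TransactionError("IN_PROGRESS")        # nesting is not allowed
        self._log = []

    def write_balance(self, value: int) -> None:
        if self._log is not None:
            if len(self._log) >= self.capacity:
                raise TransactionError("BUFFER_FULL")    # commit buffer exhausted
            self._log.append(self.balance)
        self.balance = value

    def commit(self) -> None:
        if self._log is None:
            raise TransactionError("NOT_IN_PROGRESS")
        self._log = None                                 # writes become permanent

    def abort(self) -> None:
        if self._log is None:
            raise TransactionError("NOT_IN_PROGRESS")
        self._rollback()

    def tear(self) -> None:
        """Power loss mid-transaction: on power-up the card must undo the writes."""
        if self._log is not None:
            self._rollback()

    def _rollback(self) -> None:
        if self._log:
            self.balance = self._log[0]     # oldest logged value = pre-transaction
        self._log = None

    def credit(self, amount: int) -> None:
        """The well-formed path: the only legitimate way to change the balance."""
        self.begin()
        self.write_balance(self.balance + amount)
        self.commit()


class BuggyPurse(Purse):
    """A card whose tear handling drops the log but keeps the half-written value."""

    def tear(self) -> None:
        self._log = None


def functional_test(purse_cls) -> bool:
    """Follows the rules: crediting 50 to a balance of 100 must give 150."""
    p = purse_cls()
    p.credit(50)
    return p.balance == 150


def hostile_tests(purse_cls) -> Dict[str, bool]:
    """Does not follow the rules. True means the card behaved safely."""
    results: Dict[str, bool] = {}
    p = purse_cls()                                   # abort instead of commit
    p.begin(); p.write_balance(p.balance + 1000); p.abort()
    results["abort_rolls_back"] = p.balance == 100
    p = purse_cls()                                   # fail to commit: card tear
    p.begin(); p.write_balance(p.balance + 1000); p.tear()
    results["tear_rolls_back"] = p.balance == 100
    p = purse_cls()                                   # nest transactions
    p.begin()
    try:
        p.begin()
        results["nested_begin_rejected"] = False
    except TransactionError:
        results["nested_begin_rejected"] = True
    p.abort()
    p = purse_cls()                                   # fill the commit buffer
    p.begin()
    try:
        for _ in range(10):
            p.write_balance(p.balance + 1)
        results["buffer_full_rejected"] = False
    except TransactionError:
        p.abort()
        results["buffer_full_rejected"] = p.balance == 100
    p = purse_cls()                                   # commit with nothing open
    try:
        p.commit()
        results["stray_commit_rejected"] = False
    except TransactionError:
        results["stray_commit_rejected"] = True
    return results


def run_demo() -> Dict[str, Dict[str, bool]]:
    """Both cards pass the functional test; only the attack tests tell them apart."""
    return {
        "conformant": {"functional": functional_test(Purse), **hostile_tests(Purse)},
        "buggy": {"functional": functional_test(BuggyPurse), **hostile_tests(BuggyPurse)},
    }


if __name__ == "__main__":
    for card, outcome in run_demo().items():
        print(card, outcome)
```

BuggyPurse passes the functional test and four of the five attack tests; it fails only the tear test, where an attacker begins a transaction, writes a large balance and pulls the card before commit, which is the “printing money” outcome the risk analysis singled out.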
Conclusion: SW Security Testing is…
• Important
  • More software, more new attacks
  • More functionality, more vulnerabilities
  • Software is everywhere and connected!
• Different
  • Presence of a malicious, intelligent attacker
  • Software test engineers need different skills
• Difficult
  • Exploits are subtle
  • Automated static & dynamic tools are insufficient on their own
  • Need a human!
“So now, when we face a choice between adding features and resolving security issues, we need to choose security.” -Bill Gates