Why Security Testing Is Hard Herbert H. Thompson Presenter: Alicia Young.

Introduction
- Software testing is good at verifying requirements
- UML helps move from specification to test cases
- Several bugs routinely escape testing
  - Not specification violations
  - Would escape most automated testing
- Examine security bugs to discover why testing can be difficult

Side-Effect Behavior
- Input A -> result B
- What if Input A also resulted in C?
  - Overt: an unexpected dialog box appears
  - Subtle: writing a file or opening a network port
- RDISK utility for Windows
  - Creates an Emergency Repair Disk
  - Temporary file created with universal permissions
  - During testing, the product responds as specified

Intended vs. Implemented

The State of Security Testing
- Exploit libraries (the "Librarian Method")
  - New products tested with only this library
  - Finds old vulnerabilities, with no hope of finding anything new
- Problem is... this strategy actually works!
  - Developers repeatedly make the same mistakes
  - Current software is really buggy
- Applications will eventually become immune to these test cases

The Need for Techniques
- Test like detectives
  - Past bugs teach us how vulnerabilities get into our applications
  - The key is to learn new techniques for finding bugs
- Four general classes of testing techniques
  - Dependencies
  - Unanticipated user input
  - Techniques to expose design vulnerabilities
  - Techniques to expose implementation vulnerabilities

Dependency Insecurities and Failures
- Software resides in a co-dependent environment
- Two security concerns
  - The application may inherit insecurities
  - An external security service or resource may fail
- Internet Explorer's Content Advisor
  - Content Advisor password-protects classes of sites
  - If the library fails to load, Internet Explorer permits access to any previously blocked site

Cause of Dependency Failures
- Severely under-applied inputs to software
- Error-handling code gets little testing scrutiny
- These types of failures need to be examined
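The Content Advisor failure on the previous slide and the under-tested error path on this one, as an added example that is not from the presentation or the paper: a constructed content filter whose policy library can be made to fail on demand, with the fail-open decision beside a fail-closed one, and a test that drives the error path explicitly. The loader and decision functions are assumptions constructed for illustration.

```python
from typing import Callable, Dict, Set

Loader = Callable[[], Set[str]]


class PolicyLoadError(Exception):
    """The security library or resource the filter depends on could not be loaded."""


def load_blocklist_ok() -> Set[str]:
    # Constructed stand-in for a successfully loaded rating/blocklist library.
    return {"blocked.example"}


def load_blocklist_failing() -> Set[str]:
    # Injected dependency failure: the role a fault-injection tool plays during testing.
    raise PolicyLoadError("content-rating library failed to load")


def is_allowed_fail_open(host: str, loader: Loader) -> bool:
    """Mirrors the Content Advisor behaviour on the slide: a loader failure is treated
    as 'no sites are blocked', so every previously blocked site becomes reachable."""
    try:
        blocked = loader()
    except PolicyLoadError:
        return True  # the error path silently grants access
    return host not in blocked


def is_allowed_fail_closed(host: str, loader: Loader) -> bool:
    """Hardened: if the dependency that enforces policy is missing, deny."""
    try:
        blocked = loader()
    except PolicyLoadError:
        return False  # fail closed; surface the failure instead of bypassing policy
    return host not in blocked


def dependency_failure_test(decide: Callable[[str, Loader], bool]) -> Dict[str, bool]:
    """Exercise the normal path and the error path side by side. The third case is the
    'severely under-applied input' from the slide: most test suites never run it."""
    return {
        "normal_blocked": decide("blocked.example", load_blocklist_ok),
        "normal_allowed": decide("news.example", load_blocklist_ok),
        "dependency_down": decide("blocked.example", load_blocklist_failing),
    }


def fails_closed(decide: Callable[[str, Loader], bool]) -> bool:
    """True when a dependency failure never grants access to a site the policy blocks."""
    return dependency_failure_test(decide)["dependency_down"] is False
```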

Unanticipated User Input
- Inputs that cause undesirable side effects and require special testing
  - Reserved words
  - Escape characters
  - Long strings
  - Boundary values
- Most well-known side effect: buffer overflow
- Input that can be interpreted as commands

Design Insecurities
- Many security vulnerabilities are designed into the application
- Seeing the high-level impact on an application or host is difficult
- Test instrumentation
  - Many applications ship with it
  - Bypasses security controls for ease of testing
- Ports left open
- Insecure default values and configurations

Implementation Insecurities
- Perfect design means nothing if the implementation is flawed
- Man-in-the-middle attack
  - The attacker gets between the time the application checks security and the time it uses the information
  - Xterm can be exploited to allow a restricted user to append data to the password file
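The check-then-use window described above, as an added example that is not from the presentation: a constructed appender that decides on the path and then reopens it, beside one that opens first and checks the descriptor it actually got, both driven by a fault-injection hook that swaps the file inside the window so the test can show which version is affected. The `between` hook, the file names and the "protected" file are assumptions constructed for illustration.

```python
import os
import stat
import tempfile
from typing import Callable

Hook = Callable[[], None]  # test hook that runs inside the check/use window


def append_check_then_use(path: str, data: str, between: Hook) -> None:
    """Flawed: the check inspects the path, then the path is resolved again for use."""
    if not stat.S_ISREG(os.lstat(path).st_mode):  # check: must be a plain file
        raise PermissionError("not a regular file")
    between()                                      # the window between check and use
    with open(path, "a") as fh:                    # use: follows whatever is there now
        fh.write(data)


def append_open_then_check(path: str, data: str, between: Hook) -> None:
    """Hardened: open once without following links, then check the descriptor itself."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_NOFOLLOW)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError("not a regular file")
        between()                                  # swapping the path cannot move fd
        os.write(fd, data.encode())
    finally:
        os.close(fd)


def protected_file_modified(append: Callable[[str, str, Hook], None]) -> bool:
    """Fault-injection test: replace the user's file with a link to a protected file
    inside the window and report whether the protected file changed."""
    with tempfile.TemporaryDirectory() as d:
        user_file = os.path.join(d, "notes.txt")
        protected = os.path.join(d, "passwd")  # constructed stand-in, not /etc/passwd
        open(user_file, "w").close()
        with open(protected, "w") as fh:
            fh.write("original contents\n")

        def swap() -> None:
            os.remove(user_file)
            os.symlink(protected, user_file)

        append(user_file, "appended line\n", swap)
        with open(protected) as fh:
            return fh.read() != "original contents\n"
```

The flawed version reports the protected file as modified; the hardened version does not, because the descriptor it writes to was fixed before the swap.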

Standard Bug-Severity Rankings
- Urgent: system crash, unrecoverable data loss, jeopardizes personnel
- High: impairment of critical system functions and no work-around exists
- Medium: impairment of critical system functions and a work-around exists
- Low: inconvenience, annoyance
- None: none of the above, or an enhancement

The Need for Tools
- Testers are generally rewarded for both quantity and severity of bugs
- Side-effect bugs may not get noticed, or may even be dismissed by managers
- Equipped with proper tools, testers would notice odd behavior
  - Writing of a temporary file
  - Sending of extra network packets
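For the RDISK temporary-file side effect on the Side-Effect Behavior slide and the tooling point on this one, an added example that is not from the presentation: a minimal file-system monitor that snapshots a directory around a call and reports new world-writable files, a side effect that a specification-based check of the return value never sees. The repair-data functions and file names are constructed stand-ins.

```python
import os
import stat
import tempfile
from typing import Callable, Dict, List, Tuple


def snapshot(directory: str) -> Dict[str, int]:
    """Map every regular file in `directory` to its permission bits."""
    out = {}
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            out[name] = stat.S_IMODE(os.stat(path).st_mode)
    return out


def run_with_monitor(action: Callable[[str], bool], workdir: str) -> Tuple[bool, List[str]]:
    """Run `action`; return (its result, new files left world-writable)."""
    before = snapshot(workdir)
    result = action(workdir)  # a spec-based test checks only this value
    after = snapshot(workdir)
    suspicious = [name for name, mode in after.items()
                  if name not in before and mode & stat.S_IWOTH]
    return result, sorted(suspicious)


def save_repair_data_insecure(workdir: str) -> bool:
    """Constructed stand-in for the RDISK behaviour on the slide: data is written
    as specified, but the scratch file is left with universal (0666) permissions."""
    path = os.path.join(workdir, "repair.tmp")
    with open(path, "w") as fh:
        fh.write("registry backup\n")
    os.chmod(path, 0o666)  # the side effect: any local user can now alter the file
    return True


def save_repair_data_hardened(workdir: str) -> bool:
    """Same specified behaviour; mkstemp creates the file with mode 0600 and O_EXCL."""
    fd, _ = tempfile.mkstemp(prefix="repair", dir=workdir)
    with os.fdopen(fd, "w") as fh:
        fh.write("registry backup\n")
    return True


def demo() -> Dict[str, List[str]]:
    """Both versions satisfy the spec (return True); only the monitor tells them apart."""
    findings = {}
    for label, action in (("insecure", save_repair_data_insecure),
                          ("hardened", save_repair_data_hardened)):
        with tempfile.TemporaryDirectory() as workdir:
            ok, suspicious = run_with_monitor(action, workdir)
            assert ok, "the functional check passes for both versions"
            findings[label] = suspicious
    return findings
```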

New Tools
- Regmon and Filemon: monitor application interactions with the registry and file system
- App-Sight: monitors environmental interactions
- Holodeck: fine-grained control over interactions between the application and its environment

Paper Analysis
- Quality software is secure software
- Important points made
  - Better testing techniques
  - Better testing tools
  - Design concerns

Questions?