Presentation on theme: "Automated security testing with Flinder SEARCH-LAB Security Evaluation Analysis and Research Laboratory Ltd."— Presentation transcript:
1 Automated security testing with Flinder SEARCH-LAB Security Evaluation Analysis and Research Laboratory Ltd.
2 Danger of programming bugs
“Every interesting program contains at least one variable, at least one cycle and at least one bug.” – Murphy’s law
- Global security danger of programming bugs
  - Automated intrusions
  - Virus spreading
- With the help of cracked computers it is possible to
  - operate illegal web servers
  - distribute spam
  - carry out phishing
  - commit credit card fraud
- Any application can contain a bug!
4 Automated testing and verification
- Formal verification
  - Requires the specification of correct behavior
- Static source code analysis
  - Complexity problems
  - Many false positives
- Test-based evaluation
  - Test vector generation
  - Detection of typical bugs
  - Detects true positives, but not necessarily all
  - Can be used without the source code
5 Black-box & white-box testing
- Black-box testing
  - Analysis of concrete protocols
  - Complex description of the input
  - Fuzzing: manipulation of existing input
  - Less and scalable customization needs
- White-box testing
  - Test vector generation based on source code evaluation
  - Fault injection
6 Flinder features
- Looks for typical security-relevant programming bugs
- Test-based evaluation
- Black-box and white-box test modes
- From applications to complex protocols
- Required from the developer
  - Input Generator – according to the correct behavior
  - Input format description (XML-based)
  - Protocol Statechart (UML state machine)
- Re-usable generic test algorithms for typical bugs
- Proactive, multiple-step testing considering former reactions of the ToE
- Cryptographic support
  - Plug-ins for cipher and compression methods
7 Fuzzing...
- By definition: fuzzing is algorithmic modification of binary input
- Fuzzing based on descriptors
- Random fuzzing
- Reactively iterating fuzzing
- Different fuzzers
  - Conformance checking
  - Stress test
  - Testing typical mistakes
8 ... and more
- Flinder can
  - Parse and serialize protocol messages
  - Decode and encode cryptograms, compressed data
  - Follow complex protocols like IPSec, TCP, SSL
- Test Logic works on field level
- Generic test algorithms can be applied for different ToEs, protocols, messages and fields without modification
9 Flinder modules
Diagram labels: Input Generator, TOE, IG Actuator, TOE Actuator, IG Capturer, TOE Capturer, IG Dispatcher, TOE Dispatcher, Parser, Serializer, Protocol Logic, Test Logic
10 Example typical mistakes
- Buffer Overflow
  - With successive approximation
- Signedness bug
- Integer Overflow
- Encoding bug
- Unicode bug
Diagram labels: OK, ERROR, REJECTION
    if ((unsigned int) i < 0)
    if (i*256 <= 1024)
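The two checks on slide 10, each beside a hardened form and run over boundary values, as an added example that is not part of the original slides or of Flinder. It assumes the first fragment illustrates the signedness bug and the second the integer overflow; the function names, the 32-bit unsigned count type and the probe values are constructed for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Signedness bug from the slide: an unsigned value is never < 0, so the
   guard is dead code and a negative index is accepted. Returns 1 = accept. */
int index_ok_buggy(int i, int len) {
    if ((unsigned int) i < 0) return 0;   /* never taken */
    return i < len;
}

/* Hardened form: test the sign before any conversion. */
int index_ok_fixed(int i, int len) {
    return i >= 0 && i < len;
}

/* Integer overflow from the slide, with a 32-bit unsigned count (assumed
   type): i*256 wraps modulo 2^32, so huge counts pass the size check. */
int count_ok_buggy(uint32_t i) {
    return (uint32_t)(i * 256u) <= 1024u;
}

/* Hardened form: divide the limit instead of multiplying the input. */
int count_ok_fixed(uint32_t i) {
    return i <= 1024u / 256u;
}

/* Constructed boundary values of the kind a test tool would try. */
static const int      IDX[] = { INT_MIN, -1, 0, 7, 8 };
static const uint32_t CNT[] = { 0u, 4u, 5u, 0x01000000u, 0x01000004u, 0xFFFFFFFFu };

/* Number of probes the buggy check accepts although the fixed one rejects. */
int index_false_accepts(int len) {
    int n = 0;
    for (size_t k = 0; k < sizeof IDX / sizeof IDX[0]; k++)
        n += index_ok_buggy(IDX[k], len) && !index_ok_fixed(IDX[k], len);
    return n;
}

int count_false_accepts(void) {
    int n = 0;
    for (size_t k = 0; k < sizeof CNT / sizeof CNT[0]; k++)
        n += count_ok_buggy(CNT[k]) && !count_ok_fixed(CNT[k]);
    return n;
}

int main(void) {
    printf("false accepts: index=%d count=%d\n", index_false_accepts(8), count_false_accepts());
    return 0;
}
```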