Presentation is loading. Please wait.

Presentation is loading. Please wait.

Why Security Testing Is Hard Herbert H. Thompson Presenter: Alicia Young.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Why Security Testing Is Hard Herbert H. Thompson Presenter: Alicia Young."— Presentation transcript:

1 Why Security Testing Is Hard Herbert H. Thompson Presenter: Alicia Young

2 Introduction Software Testing good at verifying requirements Software Testing good at verifying requirements UML helps move from specification to test cases UML helps move from specification to test cases Several bugs routinely escape testing Several bugs routinely escape testing Not specification Violations Not specification Violations Would escape most automated testing Would escape most automated testing Examine Security bugs to discover why testing can be difficult Examine Security bugs to discover why testing can be difficult

3 Side-Effect Behavior Input A -> result B Input A -> result B What if Input A also resulted in C? What if Input A also resulted in C? Overt – unexpected dialog box appears Overt – unexpected dialog box appears Subtle – writing a file or opening a network port Subtle – writing a file or opening a network port RDISK utility for Windows RDISK utility for Windows Creates an emergency Repair Disk Creates an emergency Repair Disk Temporary file created with Universal Permissions Temporary file created with Universal Permissions During testing, product responds as specified During testing, product responds as specified

4 Intended vs. Implemented

5 The State of Security Testing Exploit Libraries (Librarian Method) Exploit Libraries (Librarian Method) New Products tested with only this library New Products tested with only this library Finds old vulnerabilities with no hope of finding anything new Finds old vulnerabilities with no hope of finding anything new Problem is…this strategy actually works! Problem is…this strategy actually works! Developers repeatedly make the same mistakes Developers repeatedly make the same mistakes Current software is really buggy Current software is really buggy Applications will eventually become immune to these test cases Applications will eventually become immune to these test cases

6 The Need for Techniques Test like detectives Test like detectives Past bugs teach us how vulnerabilities get into our applications Past bugs teach us how vulnerabilities get into our applications The key is to learn new techniques of finding bugs The key is to learn new techniques of finding bugs Four General Classes of testing techniques Four General Classes of testing techniques Dependencies Dependencies Unanticipated user input Unanticipated user input Techniques to expose Design Vulnerabilities Techniques to expose Design Vulnerabilities Techniques to expose implementation vulnerabilities Techniques to expose implementation vulnerabilities

7 Dependency Insecurities and Failures Software resides in co-dependent environment Software resides in co-dependent environment Two Security Concerns Two Security Concerns Application may inherit insecurities Application may inherit insecurities External security service resource may fail External security service resource may fail Internet Explorer’s Content Advisor Internet Explorer’s Content Advisor Content advisor password protects classes of sites Content advisor password protects classes of sites If the library fails to load, Internet explorer permits access to any previously blocked site If the library fails to load, Internet explorer permits access to any previously blocked site

8 Cause of Dependency Failures Severely under-applied inputs to software Severely under-applied inputs to software Error handling code gets little testing scrutiny Error handling code gets little testing scrutiny These types of failures need to be examined These types of failures need to be examined

9 Unanticipated User Input Inputs that cause undesirable side effects and require special testing Inputs that cause undesirable side effects and require special testing Reserved words Reserved words Escape characters Escape characters Long strings Long strings Boundary values Boundary values Most well known side-effect: Buffer Overflow Most well known side-effect: Buffer Overflow Input that can be interpreted as commands Input that can be interpreted as commands

10 Design Insecurities Many Security Vulnerabilities designed into application Many Security Vulnerabilities designed into application Seeing high-level impact on an application or host is difficult Seeing high-level impact on an application or host is difficult Test Instrumentation Test Instrumentation Many applications shipped with it Many applications shipped with it Bypassing security controls for ease of testing Bypassing security controls for ease of testing Ports left open Ports left open Insecure default values and configurations Insecure default values and configurations

11 Implementation Insecurities Perfect design means nothing if Implementation is flawed Perfect design means nothing if Implementation is flawed Man-in-the-middle attack Man-in-the-middle attack Attacker gets between time application checks security and when the application uses information Attacker gets between time application checks security and when the application uses information Xterm – can be exploited to allow a restricted user to append data to the password file Xterm – can be exploited to allow a restricted user to append data to the password file

12 Standard Bug-Severity Rankings Urgent Urgent System crash, Unrecoverable data loss, jeopardizes personnel System crash, Unrecoverable data loss, jeopardizes personnel High High Impairment of critical system functions and no work-around exists Impairment of critical system functions and no work-around exists Medium Medium Impairment of critical system functions and work-around exists Impairment of critical system functions and work-around exists Low Low Inconvenience, annoyance Inconvenience, annoyance None None None of the above or an enhancement None of the above or an enhancement

13 The Need For Tools Testers generally rewarded for both quantity and severity of bugs Testers generally rewarded for both quantity and severity of bugs Side-effect bugs may not get noticed or even dismissed by managers Side-effect bugs may not get noticed or even dismissed by managers Equipped with proper tools testers would notice odd behavior Equipped with proper tools testers would notice odd behavior Writing of a temporary file Writing of a temporary file Sending of extra network packets Sending of extra network packets

14 New Tools Regmon and Filemon – monitor application interactions with registry and file system Regmon and Filemon – monitor application interactions with registry and file system www.sysinternals.com www.sysinternals.com App-Sight – monitors environmental interactions App-Sight – monitors environmental interactions www.identify.com www.identify.com Holodeck – Fine grain control over interactions between application and environment Holodeck – Fine grain control over interactions between application and environment www.sisecure.com www.sisecure.com

15 Paper Analysis Quality Software is Secure Software Quality Software is Secure Software Important points made Important points made Better testing techniques Better testing techniques Better testing tools Better testing tools Design concerns Design concerns

16 Questions?

Download ppt "Why Security Testing Is Hard Herbert H. Thompson Presenter: Alicia Young."

Similar presentations

Vulnerability Analysis. Formal verification Formally (mathematically) prove certain characteristics Proves the absence of flaws in a program or design.

Vulnerability Analysis. Formal verification Formally (mathematically) prove certain characteristics Proves the absence of flaws in a program or design.
Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.

Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.
Chapter 3 (Part 1) Network Security

Chapter 3 (Part 1) Network Security
Token Kidnapping's Revenge Cesar Cerrudo Argeniss.

Token Kidnapping's Revenge Cesar Cerrudo Argeniss.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Why Security Testing Is Hard by Herbert H. Thompson presented by Carlos Hernandez.

Why Security Testing Is Hard by Herbert H. Thompson presented by Carlos Hernandez.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Operating System Security Chapter 9. Operating System Security Terms and Concepts An operating system manages and controls access to hardware components.

Operating System Security Chapter 9. Operating System Security Terms and Concepts An operating system manages and controls access to hardware components.
09/18/06 1 Software Security Vulnerability Testing in Hostile Environment Herbert H. Thompson James A. Whittaker Florence E. Mottay.

09/18/06 1 Software Security Vulnerability Testing in Hostile Environment Herbert H. Thompson James A. Whittaker Florence E. Mottay.
Hacking Framework Extended: The Role of Vulnerabilities Joseph H. Schuessler Bahorat Ibragimova 8 th Annual Security Conference Las Vegas, Nevada April.

Hacking Framework Extended: The Role of Vulnerabilities Joseph H. Schuessler Bahorat Ibragimova 8 th Annual Security Conference Las Vegas, Nevada April.
By: Razieh Rezaei Saleh.  Security Evaluation The examination of a system to determine its degree of compliance with a stated security model, security.

By: Razieh Rezaei Saleh.  Security Evaluation The examination of a system to determine its degree of compliance with a stated security model, security.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
Section 11.1 Identify customer requirements Recommend appropriate network topologies Gather data about existing equipment and software Section 11.2 Demonstrate.

Section 11.1 Identify customer requirements Recommend appropriate network topologies Gather data about existing equipment and software Section 11.2 Demonstrate.
Testing for Software Security ECEN5053 Software Engineering of Distributed Systems University of Colorado, Boulder Testing for Software Security, Hebert.

Testing for Software Security ECEN5053 Software Engineering of Distributed Systems University of Colorado, Boulder Testing for Software Security, Hebert.
CSCE 548 Secure Software Development Risk-Based Security Testing.

CSCE 548 Secure Software Development Risk-Based Security Testing.
Software Quality Assurance Lecture #8 By: Faraz Ahmed.

Software Quality Assurance Lecture #8 By: Faraz Ahmed.
SCOTT KURODA ADVISOR: DR. FRANZ KURFESS Encouraging Secure Programming Practice in Academia.

SCOTT KURODA ADVISOR: DR. FRANZ KURFESS Encouraging Secure Programming Practice in Academia.
Information Systems Security Computer System Life Cycle Security.

Information Systems Security Computer System Life Cycle Security.

Similar presentations

Ads by Google