Software Security Testing Vinay Srinivasan cell: +91 9823104620.

1 Software Security Testing
Vinay Srinivasan
srinivasan_vinay@yahoo.com
vinay.srinivasan@techmahindra.com
cell: +91 9823104620

2 By Vinay Srinivasan (Tech Lead), working at the Testing Center of Excellence Laboratory, TechMahindra, Pune

3 Secure Software
- Confidentiality
  - Disclosure of information only to intended parties
- Integrity
  - Determining whether the information is correct or not
- Data Security
  - Privacy
  - Data Protection
- Controlled Access
  - Authentication
  - Access to Authorized People
- Availability
  - Ready for Use when expected
- Non Repudiation
  - Information Exchange with proof

4 Software Security
- Security of Operating System
- Security of Client Software
- Security of Application Software
- Security of System Software
- Security of Database Software
- Security of Software Data
- Security of Client Data
- Security of System Data
- Security of Server Software
- Security of Network Software

5 Why Security Testing
- For Finding Loopholes
- For Zeroing in on Vulnerabilities
- For identifying Design Insecurities
- For identifying Implementation Insecurities
- For identifying Dependency Insecurities and Failures
- For Information Security
- For Process Security
- For Internet Technology Security
- For Communication Security
- For Improving the System
- For confirming Security Policies
- For Organization-wide Software Security
- For Physical Security

6 Approach to Software Security Testing
- Study of Security Architecture
- Analysis of Security Requirements
- Classifying Security Testing
- Developing Objectives
- Threat Modeling
- Test Planning
- Execution
- Reports

7 Security Testing Techniques
- OS Hardening
  - Configure and Apply Patches
  - Updating the Operating System
  - Disable or Restrict unwanted Services and Ports
  - Lock Down the Ports
  - Manage the Log Files
  - Install Root Certificate
  - Protect from Internet Misuse and be Cyber Safe
  - Protect from Malware
- Vulnerability Scanning
  - Identify Known Vulnerabilities
  - Scan Intrusively for Unknown Vulnerabilities

8 Security Testing Techniques (continued…)
- Penetration Testing
  - Simulating Attack from a Malicious Source
  - Includes Network Scanning and Vulnerability Scanning
  - Simulates Attack from someone Unfamiliar with the System
  - Simulates Attack by having access to Source Code, Network, Passwords
- Port Scanning and Service Mapping
  - Identification and locating of Open Ports
  - Identification of Running Services
- Firewall Rule Testing
  - Identify Inappropriate or Conflicting Rules
  - Appropriate Placement of Vulnerable Systems behind Firewall
  - Discovering Administrative Backdoors or Tunnels
- SQL Injection
  - Exploits Database Layer Security Vulnerability
  - Unexpected Execution of User Inputs

9 Security Testing Techniques (continued…)
- Cross Site Scripting
  - Injecting Malicious Client Side Script into Web Pages
  - Persistent, Non-Persistent and DOM based Vulnerabilities
- Parameter Manipulation
  - Cookie Manipulation
  - Form Field Manipulation
  - URL Manipulation
  - HTTP Header Manipulation
- Denial of Service Testing
  - Flooding a target machine with enough traffic to make it unable to respond
- Command Injection
  - Inject and execute commands specified by the attacker
  - Execute System level commands through a Vulnerable Application

10 Security Testing Techniques (continued…)
- Network Scanning
  - Identifying Active Hosts on a network
  - Collecting IP addresses that can be accessed over the Internet
  - Collecting OS Details, System Architecture and Running Services
  - Collecting Network User and Group names
  - Collecting Routing Tables and SNMP data
- Password Cracking
  - Collecting Passwords from the Stored or Transmitted Data
  - Using Brute Force and Dictionary Attacks
  - Identifying Weak Passwords
- Ethical Hacking
  - Penetration Testing, Intrusion Testing and Red Teaming
- File Integrity Testing
  - Verifying File Integrity against corruption using Checksum
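The File Integrity Testing bullet above names the technique without showing it. The following is an added example, not part of the presentation: it records a SHA-256 checksum per file, then re-verifies the tree and reports files that were modified, went missing, or appeared unexpectedly. The file names and contents in demo() are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Baseline: checksum of every regular file under root, keyed by relative path."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the current tree against a saved manifest; return a per-file status."""
    current = build_manifest(root)
    report = {}
    for name, digest in manifest.items():
        if name not in current:
            report[name] = "missing"
        elif current[name] != digest:
            report[name] = "modified"
        else:
            report[name] = "ok"
    for name in current.keys() - manifest.keys():
        report[name] = "unexpected"  # file not covered by the baseline
    return report


def demo() -> dict:
    """Constructed scenario: take a baseline of two files, then corrupt one byte of
    the first, delete the second, and drop in a stray file before verifying."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.bin").write_bytes(b"\x7fELF" + b"\x00" * 64)
        (root / "config.ini").write_text("debug=false\n")
        manifest = build_manifest(root)
        data = bytearray((root / "app.bin").read_bytes())
        data[10] ^= 0xFF  # simulate silent corruption of a single byte
        (root / "app.bin").write_bytes(bytes(data))
        (root / "config.ini").unlink()
        (root / "stray.tmp").write_text("x")
        return verify_manifest(root, manifest)
```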

11 Security Testing Techniques (continued…)
- War Dialing
  - Using a Modem to dial a list of Telephone Numbers
  - Searching for Computers, Bulletin Board Systems and Fax Machines
- Wireless LAN Testing
  - Searching for existing WLANs and logging Wireless Access Points
- Buffer Overflow Testing
  - Overwriting memory of the process beyond the bounds of char-type buffers
- Format String Testing
  - Supplying format type specifiers in the application input
- Random Data Testing
  - Random data inputs supplied by a program
  - Encoded random data included as parameters
  - Crashing built-in code assertions

12 Security Testing Techniques (continued…)
- Random Mutation Testing
  - Bit Flipping of known Legitimate Data
  - Byte stream Sliding within known Legitimate Data
- Session Hijacking
  - Exploitation of a Valid Computer Session
  - Exploitation of the Web Session control mechanism
  - Gain unauthorized access to the Web Server
- Phishing
  - Masquerading as a trustworthy entity in an electronic communication
  - Acquiring usernames, passwords and credit card details
- URL Manipulation
  - Making a web server deliver pages that are not meant to be accessible
  - URL Rewriting
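Slides 11 and 12 describe random data testing (crashing built-in assertions) and random mutation testing (bit flipping and byte-stream sliding of legitimate data). The following added example, not part of the presentation, wires both into a small harness: a toy length-prefixed record parser (hypothetical, constructed here) asserts its own invariants, and mutated copies of one legitimate record are fed to it while crashes are bucketed by exception type.

```python
import random
import struct

# Constructed legitimate input: 2-byte big-endian length followed by the payload.
LEGITIMATE_RECORD = struct.pack(">H", 5) + b"hello"


def parse_record(data: bytes) -> bytes:
    """Toy parser under test. Its assert is the 'built-in code assertion'
    a mutated input can trip; that is the signal the harness collects."""
    length = struct.unpack(">H", data[:2])[0]
    payload = data[2:2 + length]
    assert len(payload) == length, "declared length exceeds available data"
    return payload


def bit_flip(data: bytes, rng: random.Random) -> bytes:
    """Mutation 1: flip a single random bit of the legitimate data."""
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    return bytes(buf)


def byte_slide(data: bytes, rng: random.Random) -> bytes:
    """Mutation 2: slide (rotate) the byte stream so fields land on wrong boundaries."""
    shift = rng.randrange(1, len(data))
    return data[shift:] + data[:shift]


def fuzz(parser, seed_input: bytes, iterations: int, seed: int = 1) -> dict:
    """Feed mutated inputs to the parser; count clean runs and keep crashing inputs
    grouped by exception type so each distinct failure mode can be triaged."""
    rng = random.Random(seed)  # fixed seed makes every finding reproducible
    results = {"ok": 0, "crashes": {}}
    for _ in range(iterations):
        mutator = rng.choice((bit_flip, byte_slide))
        candidate = mutator(seed_input, rng)
        try:
            parser(candidate)
            results["ok"] += 1
        except Exception as exc:  # any uncaught exception is a finding
            results["crashes"].setdefault(type(exc).__name__, []).append(candidate)
    return results


if __name__ == "__main__":
    r = fuzz(parse_record, LEGITIMATE_RECORD, 200)
    print(r["ok"], "clean runs;", {k: len(v) for k, v in r["crashes"].items()})
```

Each crashing input is retained verbatim, so a finding can be replayed against a fixed parser to confirm the defect is closed.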

13 Security Testing Techniques (continued…)
- IP Spoofing
  - Creating Internet Protocol (IP) packets with a forged source IP address
- Packet Sniffing
  - Capture and Analyze all of the Network traffic
- Virtual Private Network Testing
  - Penetration Testing
- Social Engineering
  - Psychological Manipulation of People
  - Divulging confidential information

14 Conclusion
- Analyze potential Threats and their Impact
- Complete Security Testing may not be Feasible
- Collect Information to Secure the Business Environment
- Should be done as early as possible in the Development Cycle
- Should be able to identify the Security Requirements
- Have Specific understanding of the Various Processes
- Should provide Recommendations to overcome Weaknesses

15 Thank You

16 Contact Details
- Email:
  - vinay.srinivasan@techmahindra.com
  - srinivasan_vinay@yahoo.com
- Phone:
  - +91-20-42250000 Extn: 253925 / 253926
  - +91-20-66550000 Extn: 253925 / 253926
  - +91-9823104620
- Fax:
  - +91-20-42252501
  - +91-20-66552501