Testing Code Security


Purchasing Options

Hardback
$94.95
ISBN 9780849392511
Cat# AU9251

Features

  • Provides background information on security vulnerabilities
  • Presents security fundamentals including the role of security testing in the software process
  • Illustrates the process of creating a security test plan
  • Addresses specific software security issues by category
  • Details root vulnerabilities with sample attack scenarios and testing techniques

Summary

    The huge proliferation of security vulnerability exploits, worms, and viruses places a heavy drain on both cost and confidence for manufacturers and consumers. The release of trustworthy code requires a specific set of skills and techniques, but this information is often dispersed and decentralized, buried in its own jargon and terminology, and can take a colossal amount of time and data mining to find.

    Written in simple, common terms, Testing Code Security is a consolidated resource designed to teach beginning and intermediate testers the software security concepts needed to conduct relevant and effective tests. Answering the questions pertinent to all testing procedures, the book considers the differences in process between security testing and functional testing, the creation of a security test plan, the benefits and pitfalls of threat-modeling, and the identification of root vulnerability problems and how to test for them. The book begins with coverage of foundation concepts, the process of security test planning, and the test pass. Offering real life examples, it presents various vulnerabilities and attacks and explains the testing techniques appropriate for each. It concludes with a collection of background overviews on related topics to fill common knowledge gaps. Filled with cases illustrating the most common classes of security vulnerabilities, the book is written for all testers working in any environment, and it gives extra insight to threats particular to Microsoft Windows® platforms.

    Providing a practical guide to carrying out security software testing, Testing Code Security gives the reader the knowledge needed to begin testing software security on any project and to become an integral part of the drive to produce better software security and safety.

    Table of Contents

    Introduction
    Why Is This Book Being Written?
    Why Am I Writing This Book?
    Goals of This Book
    Intended Audience
    How This Book Is Organized

    Security Vocabulary
    Virus or Attack Naming
    Security Terminology

    Software Testing and Changes in the Security Landscape
    Software Testing as a Discipline
    Security Has Become More of a Priority
    Security Efforts Have Become More Visible
    Perimeter Security Just Isn't Enough

    All Trust Is Misplaced

    Security Testing Considerations
    Security Testing Versus Functional Testing
    Discovery of Software Vulnerabilities
    Assume Attackers Know Everything You Do
    Know Your Attackers
    Exploiting Software Vulnerabilities
    Common Security Hindering Phrases
    Software Development Life Cycle versus Security-Testing Life Cycle
    Black-Box versus White-Box Security Testing
    Guard Your Own Gates
    The Role of Security Testing
    Effectively Presenting Security Issues

    Threat Modeling and Risk Assessment Processes
    Threat Modeling Terms
    Initial Modeling of Threats
    Pitfalls of Threat Modeling
    Threat Trees
    DREAD
    STRIDE
    MERIT
    OCTAVE and OCTAVE-S

    Personas and Testing
    Creating Personas
    Using Personas
    Pitfalls of Personas
    Security Personas

    Security Test Planning
    Overview of the Process
    Start Drafting Your Test Documents
    Dissect the System
    Gather Information
    Develop Security Cases
    Prioritize Tests
    Develop a Test Plan of Attack
    Draft a Schedule
    Review the Plan and Test Cases
    Run Test Passes
    Postmortem the Results

    Sample Security Considerations
    Universal
    Stand-Alone Applications
    APIs
    Web Applications/Web Services/Distributed Applications

    Vulnerability Case Study: Brute Force Browsing
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques

    Vulnerability Case Study: Buffer Overruns
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques

    Vulnerability Case Study: Cookie Tampering
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques

    Vulnerability Case Study: Cross-Site Scripting (XSS)
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques

    Vulnerability Case Study: Denial of Service/Distributed Denial of Service
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques

    Vulnerability Case Study: Format String Vulnerabilities
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques
    Tools

    Vulnerability Case Study: Integer Overflows and Underflows
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques

    Vulnerability Case Study: Man-in-the-Middle Attacks
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques

    Vulnerability Case Study: Password Cracking
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques

    Vulnerability Case Study: Session Hijacking
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques

    Vulnerability Case Study: Spoofing Attacks
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques

    Vulnerability Case Study: SQL Injection
    Pseudonyms
    Description
    Anatomy of an Exploit
    Real-World Examples
    Test Techniques

    Fuzz Testing
    Assumptions
    Process Steps
    Case Studies

    Background: Cryptography
    Encryption
    How Encryption Works
    Encryption Tools
    Crypto Is Not Always Secure
    The Future of Crypto

    Background: Firewalls
    TCP/IP
    Port Scanners
    Types of Firewalls
    Drawbacks to Using Firewalls

    Background: OSI Network Model
    Application Layer (Layer 7)
    Presentation Layer (Layer 6)
    Session Layer (Layer 5)
    Transport Layer (Layer 4)
    Network Layer (Layer 3)
    Data Link Layer (Layer 2)
    Physical Layer (Layer 1)

    Background: Proxy Servers
    Types of Proxy Servers
    Circumventor
    Anonymous

    Background: TCP/IP and Other Networking Protocols
    TCP
    IP
    UDP
    ICMP
    ARP
    RARP
    BOOTP
    DHCP

    Background: Test Case Outlining (TCO)
    Goals
    What Is (and Is Not) a TCO
    Benefits of a TCO
    Steps in Test Case Outlining
    TCO Formats
    TCO Maintenance
    TCO to Scenario

    Additional Sources of Information
    Recommended Reading
    Recommended Web Sites and Mailing Lists

    Index