security testing
play

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD - PowerPoint PPT Presentation

Jan 11, 2023 •172 likes •2.02k views

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security Group The Cyber Security lecture series 1 Agenda for today Part I Latest security news Security vulnerabilities in Java

  1. Black vs. White box Testing • Black box – Unknown internal structure – Study Input → Output correlation – Generic technique – Requires end-to-end system – May miss components • White box – Known internal structure – Analysis of internal structure – GUI not necessarily required – Thorough testing and debugging – Time consuming 57

  2. Classes of Security Testing • Manual vs. Automated Testing • Static vs. Dynamic Testing • Black vs. White box Testing Manual Automated Static Dynamic Blackbox Whitebox Reverse Risk Code Engineering Analysis checking Dynamic Penetration Tainting Fuzzing validation testing 58

  3. Static Application Security Testing • Reverse engineering (System level) – Disassemble application to extract internal structure – Black box to White box – Useful for gaining information 59

  4. Static Application Security Testing • Reverse engineering (System level) • Risk-based testing (Business level) – Model worst case scenarios – Threat modelling for test case generation 60

  5. Static Application Security Testing • Reverse engineering (System level) • Risk-based testing (Business level) • Static code checker (Unit level) – Checks for rule violations via code structure – Parsers, Control Flow graphs, Data flow analysis – Identifies bad coding practices, potential security issues, etc. 61

  6. Classes of Security Testing • Manual vs. Automated Testing • Static vs. Dynamic Testing • Black vs. White box Testing Manual Automated Static Dynamic Blackbox Whitebox Reverse Risk Code Engineering Analysis checking Dynamic Penetration Tainting Fuzzing validation testing 62

  7. Dynamic Application Security Testing • Taint analysis – Tracking variable values controlled by user • Fuzzing – Bombard with garbage data to cause crashes • Dynamic validation – Functional testing based on requirements • Penetration testing – End-to-end black box testing Topic for next lecture 63

  8. Summary Part I • Java vulnerabilities have large attack surfaces • Crucial to adapt Secure SDLC • Threat modelling can drive test case generation • Static analysis checks code without executing it • Dynamic analysis executes code and observes behavior 64

  9. Quiz Time! Which type of testing aims to convert a black box system to white box? Reverse Engineering 65

  10. Quiz Time! Which vulnerability allows a remote attacker to change which instruction will be executed next? Remote Code Execution 66

  11. Quiz Time! Why is Java safe from buffer overflows? It’s not! 67

  12. Agenda for today • Part I – Latest security news – Security vulnerabilities in Java – Types of Security testing • SAST vs. DAST • Part II – SAST under the hood • Pattern Matching • Control Flow Analysis • Data Flow Analysis – SAST Tools performance 68

  13. Why doesn’t the perfect static analysis tool exist? 69

  14. Static Analysis • Soundness • Completeness 70

  15. Static Analysis • Soundness – No missed vulnerability (0 FNs) – No alarm → no vulnerability exists • Completeness 71

  16. Static Analysis • Soundness – No missed vulnerability (0 FNs) – No alarm → no vulnerability exists • Completeness – No false alarms (0 FPs) – Raises an alarm → vulnerability found 72

  17. Static Analysis • Soundness – No missed vulnerability (0 FNs) – No alarm → no vulnerability exists • Completeness – No false alarms (0 FPs) – Raises an alarm → vulnerability found • Ideally: ↑ Soundness + ↑ Completeness • Reality: Compromise on FPs or FNs 73

  18. Usable SAST Tools • ↓ FPs vs. ↓ FNs • ↑ Interpretability • ↑ Scalability 74

  19. SAST under the hood Pattern matching Regular expressions 75

  20. SAST under the hood Pattern matching Syntax analysis Abstract Syntax Tree Regular Control flow Data flow expressions graph analysis 76

  21. Pattern Matching • Look for predefined patterns in code – Regular Expressions – Finite State Automata 77

  22. Pattern Matching • Look for predefined patterns in code – Regular Expressions – Finite State Automata • Find all instances of “bug” g u b !u !g !b 78

  23. Pattern Matching • Look for predefined patterns in code – Regular Expressions – Finite State Automata • Find all instances of “bug” g u b !u !g bug !b 79

  24. Pattern Matching • Look for predefined patterns in code – Regular Expressions – Finite State Automata • Find all instances of “bug” g u b !u !g bug !b 80

  25. Pattern Matching • Look for predefined patterns in code – Regular Expressions – Finite State Automata • Find all instances of “bug” g u b !u !g bug !b 81

  26. Pattern Matching • Look for predefined patterns in code – Regular Expressions – Finite State Automata • Find all instances of “bug” g u b !u !g bug !b 82

  27. Pattern Matching • Look for predefined patterns in code – Regular Expressions – Finite State Automata • Find all instances of “bug” g u b !u !g bug !b 83

  28. Pattern Matching • Look for predefined patterns in code – Regular Expressions – Finite State Automata • Find all instances of “bug” g u b !u Match! !g bug !b 84

  29. Pattern Matching via Regex • Look for predefined patterns in code – Regular Expressions – Finite State Automata • Find all instances of “bug” g u b !u !g bag !b 85

  30. Pattern Matching via Regex • Look for predefined patterns in code – Regular Expressions – Finite State Automata • Find all instances of “bug” g u b !u !g bag !b 86

  31. Pattern Matching via Regex • Look for predefined patterns in code – Regular Expressions – Finite State Automata • Find all instances of “bug” g u b !u !g bag !b 87

  32. Pattern Matching via Regex • Look for predefined patterns in code – Regular Expressions – Finite State Automata • Find all instances of “bug” g u b !u !g bag !b 88

  33. Pattern Matching via Regex • Look for predefined patterns in code – Regular Expressions – Finite State Automata • Find all instances of “bug” g u b !u !g bag !b No Match! 89

  34. Pattern Matching via Regex • Look for predefined patterns in code – Regular Expressions – Finite State Automata • Find all instances of “.*bug” g u b !u !g !b 90

  35. Pattern Matching via Regex • Look for predefined patterns in code – Regular Expressions – Finite State Automata • Find all instances of “.*bug” g u b !b !u !g 91

  36. Pattern Matching via Regex • Look for predefined patterns in code – Regular Expressions – Finite State Automata • Find all instances of “.*bug.*” g u b anything !b !u !g 92

  37. Pattern Matching via Regex • Finds low hanging fruit – Misconfigurations (port 22 open for everyone) – Bad imports (System.io.*) – Call to dangerous functions (strcpy, memcpy) 93

  38. Pattern Matching via Regex • Finds low hanging fruit – Misconfigurations (port 22 open for everyone) – Bad imports (System.io.*) – Call to dangerous functions (strcpy, memcpy) • Shortcomings – Lots of FPs – Limited support 94

  39. Pattern Matching via Regex • Finds low hanging fruit – Misconfigurations (port 22 open for everyone) – Bad imports (System.io.*) – Call to dangerous functions (strcpy, memcpy) • Shortcomings – Lots of FPs – Limited support 95

  40. Pattern Matching via Regex • Finds low hanging fruit – Misconfigurations (port 22 open for everyone) – Bad imports (System.io.*) – Call to dangerous functions (strcpy, memcpy) • Shortcomings – Lots of FPs – Limited support 96

  41. Syntactic Analysis • Performed via Parsers Parse Tree Stream Tokens Lexer Parser • Tokens → Hierarchal data structures – Parse Tree – Concrete representation – Abstract Syntax Tree – Abstract representation 97

  42. Abstract Syntax Tree (AST) 98

  43. Abstract Syntax Tree (AST) 99

  44. Abstract Syntax Tree (AST) SUB 5 1 100

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS Few Security Breaches Date: 2013-14 September 2016, while in negotiations to

404 views • 18 slides
Security Testing - Where Automation Fails Today How does security testing of web

Security Testing - Where Automation Fails Today How does security testing of web

Security Testing - Where Automation Fails Today How does security testing of web applications work What does the tooling landscape look like How does automated security testing fail What can we do Image courtesy of

583 views • 56 slides
Combinatorial Security Testing: Combinatorial Testing Meets Information Security Dimitris E.

Combinatorial Security Testing: Combinatorial Testing Meets Information Security Dimitris E.

Combinatorial Security Testing: Combinatorial Testing Meets Information Security Dimitris E. Simos SBA Research Applied & Computational Mathematics Division Seminar Series National Institute of Standards and Technology (NIST) Gaithersburg,

675 views • 50 slides
Security Testing TDDC90 Software Security Ulf Kargn Department of Computer and Information

Security Testing TDDC90 Software Security Ulf Kargn Department of Computer and Information

Security Testing TDDC90 Software Security Ulf Kargn Department of Computer and Information Science (IDA) Division for Database and Information Techniques (ADIT) Security testing vs regular testing Regular testing aims to

1.06k views • 54 slides
Continuous Application Security Testing Presented by:

Continuous Application Security Testing Presented by:

W14 Security Testing Wednesday, October 23rd, 2019 3:00 PM Continuous Application Security Testing Presented by: Josh Gibbs

306 views • 4 slides
Security testing for hardware product : the security evaluations practice 1 DCIS/SASTI/CESTI

Security testing for hardware product : the security evaluations practice 1 DCIS/SASTI/CESTI

Alain MERLE CESTI LETI CEA Grenoble Alain.merle@cea.fr Security testing for hardware product : the security evaluations practice 1 DCIS/SASTI/CESTI Abstract What are you doing in ITSEFs ? Testing, Security testing, Attacks,

809 views • 23 slides
Security Testing beyond Functional Tests David Basin ETH Zurich June, 2017 Associated

Security Testing beyond Functional Tests David Basin ETH Zurich June, 2017 Associated

Security Testing beyond Functional Tests David Basin ETH Zurich June, 2017 Associated Publication: Mohammad Torabi Dashti, David Basin: Security Testing Beyond Functional Tests. ESSoS 2016. Security Testing

722 views • 38 slides
Software Security Process & Testing a primer for quality professionals Fred Pinkett VP,

Software Security Process & Testing a primer for quality professionals Fred Pinkett VP,

Software Security Process & Testing a primer for quality professionals Fred Pinkett VP, Product Management Security Innovation About Security Innovation Application Security Experts 10+ years research on vulnerabilities Security

690 views • 49 slides
Combinatorial Testing Rick Kuhn NIST Computer Security Division NIST Combinatorial Testing

Combinatorial Testing Rick Kuhn NIST Computer Security Division NIST Combinatorial Testing

Combinatorial Testing Rick Kuhn NIST Computer Security Division NIST Combinatorial Testing Applying empirical results to reduce the cost of testing. Example: 2.5 year study ~ 20% lower test development cost and 20% - 50% better

479 views • 13 slides
Security Regression Addressing Security Regression by Unit Testing Christopher Grayson

Security Regression Addressing Security Regression by Unit Testing Christopher Grayson

Security Regression Addressing Security Regression by Unit Testing Christopher Grayson @_lavalamp Introduction WHOAMI ATL Web development Academic researcher Haxin all the things (but I rlllly like networks) Founder

472 views • 35 slides
CSE 504: Project Proposal Jennifer Niederlnder 01/13/2016 Improving Security Testing

CSE 504: Project Proposal Jennifer Niederlnder 01/13/2016 Improving Security Testing

CSE 504: Project Proposal Jennifer Niederlnder 01/13/2016 Improving Security Testing Improving Security Testing or Collect security errors Derive Patterns Improving Performance Improving Performance 1. Take the code 2. Point out

423 views • 9 slides
Broadcasting your attack: Security testing DAB radio in cars Andy Davis, Research Director

Broadcasting your attack: Security testing DAB radio in cars Andy Davis, Research Director

Broadcasting your attack: Security testing DAB radio in cars Andy Davis, Research Director Image: computerworld.com.au Agenda Who am I and why am I interested in security testing DAB? Overview of DAB How do we broadcast DAB?

790 views • 33 slides
ykpang@beyondsecurity.com Fuzz Testing for Embedded Device Security Assurance (EDSA) ISASecure

ykpang@beyondsecurity.com Fuzz Testing for Embedded Device Security Assurance (EDSA) ISASecure

Empowering Security Teams ykpang@beyondsecurity.com Fuzz Testing for Embedded Device Security Assurance (EDSA) ISASecure EDSA Certification Communication/Network Robustness Testing (CRT) CRT examines the capability of the device to

859 views • 33 slides
Shuntaint: Emulation-based Security Testing for Formal Verification Bruno Luiz

Shuntaint: Emulation-based Security Testing for Formal Verification Bruno Luiz

Shuntaint: Emulation-based Security Testing for Formal Verification Bruno Luiz ramosblc@gmail.com Black Hat Europe 2009 Overview Give a brief overview of the emulation- based security testing Introduction to VEX Formalism

376 views • 26 slides
Model-Based Security M. Ochoa Verification and Testing for F. Bouquet Smart-Cards J. Bottela

Model-Based Security M. Ochoa Verification and Testing for F. Bouquet Smart-Cards J. Bottela

Model-Based Security M. Ochoa Verification and Testing for F. Bouquet Smart-Cards J. Bottela E.Fourneret J.Jurjens P. Yousefi ARES 2011 OUTLINE Introduction Background UMLsec Model-based Testing Security in smart-card

356 views • 17 slides
802.11 Security & Pen Testing Fengwei Zhang Constantinos Kolias SUSTech CS 315 Computer

802.11 Security & Pen Testing Fengwei Zhang Constantinos Kolias SUSTech CS 315 Computer

802.11 Security & Pen Testing Fengwei Zhang Constantinos Kolias SUSTech CS 315 Computer Security 1 Wireless Communications: Advantages & Disadvantages Makes communication possible where cables dont reach Convenience

399 views • 17 slides
Global Register Allocation - 2 Y N Srikant Computer Science and Automation Indian Institute of

Global Register Allocation - 2 Y N Srikant Computer Science and Automation Indian Institute of

Global Register Allocation - 2 Y N Srikant Computer Science and Automation Indian Institute of Science Bangalore 560012 NPTEL Course on Principles of Compiler Design Outline n Issues in Global Register Allocation (in part 1) n The

469 views • 29 slides
Lognormal distribution of subjects by income XL5A-V0H XL5A: 0H XL5A: 0H 2014 Schield

Lognormal distribution of subjects by income XL5A-V0H XL5A: 0H XL5A: 0H 2014 Schield

Lognormal distribution of subjects by income XL5A-V0H XL5A: 0H XL5A: 0H 2014 Schield Log-Normal Income1 1 2014 Schield Log-Normal Income1 2 Lognormal Distribution Log-Normal Distributions of Subjects by Income The log of a Normal

98 views • 7 slides
Stick Graphs with Length Constraints Steven Chaplick, Philipp Kindermann, Andre L offler,

Stick Graphs with Length Constraints Steven Chaplick, Philipp Kindermann, Andre L offler,

Stick Graphs with Length Constraints Steven Chaplick, Philipp Kindermann, Andre L offler, Florian Thiele, Alexander Wolff, Alexander Zaft, and Johannes Zink Introduction 2 Given a collection S of geometric objects Introduction 2

1.57k views • 119 slides
Frequency-hiding Dependency-preserving Encryption for Outsourced Databases ICDE17 Boxiang

Frequency-hiding Dependency-preserving Encryption for Outsourced Databases ICDE17 Boxiang

Frequency-hiding Dependency-preserving Encryption for Outsourced Databases ICDE17 Boxiang Dong 1 Wendy Wang 2 1 Montclair State University Montclair, NJ 2 Stevens Institute of Technology Hoboken, NJ April 20, 2017

1.01k views • 47 slides
EDA045F: Program Analysis LECTURE 2: DATAFLOW BONUS EXAMPLE Christoph Reichenbach Example:

EDA045F: Program Analysis LECTURE 2: DATAFLOW BONUS EXAMPLE Christoph Reichenbach Example:

EDA045F: Program Analysis LECTURE 2: DATAFLOW BONUS EXAMPLE Christoph Reichenbach Example: Reaching Definitions x = 0 x = 0 y = 0 y = 0 z = 1 z = 1 while ( x < 5) { x = x + 1 x = x + 1 i f ( x >= 2) { y = 7 } e l s e { y =

477 views • 25 slides
Exploiting Branch Constraints without Exhaustive Path Enumeration Ting Chen, Tulika Mitra,

Exploiting Branch Constraints without Exhaustive Path Enumeration Ting Chen, Tulika Mitra,

Exploiting Branch Constraints without Exhaustive Path Enumeration Ting Chen, Tulika Mitra, Abhik Roychoudhury, Vivy Suhendra National University of Singapore Static WCET Analysis Flow analysis Loop bounds and infeasible paths

560 views • 16 slides
HiLumi LHC FP7 High Luminosity Large Hadron Collider Design Study Presentation Field quality

HiLumi LHC FP7 High Luminosity Large Hadron Collider Design Study Presentation Field quality

CERN-ACC-SLIDES-2014-0075 HiLumi LHC FP7 High Luminosity Large Hadron Collider Design Study Presentation Field quality requirements from dynamic aperture: including matching section Nosochkov, Y (CERN) 12 November 2013 The HiLumi LHC Design

515 views • 29 slides
Slide 1 / 43 AP Physics C Work And Energy With Calculus Slide 2 / 43 An object moves according

Slide 1 / 43 AP Physics C Work And Energy With Calculus Slide 2 / 43 An object moves according

Slide 1 / 43 AP Physics C Work And Energy With Calculus Slide 2 / 43 An object moves according to the function x = t 5/2 1 where x is the distance traveled and t is the time. Its kinetic energy is proportional to A t 2 t 5/2 B t 3 C t 3/2 D

362 views • 15 slides

More recommend