testing
play

Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is - PowerPoint PPT Presentation

Dec 21, 2022 •357 likes •455 views

Introduction to Penetration Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is Penetration Testing? Attacking a system to find security vulnerabilities in order to fix them before a malicious party attacks the system Legal if

  1. Introduction to Penetration Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015

  2. What is Penetration Testing? • Attacking a system to find security vulnerabilities in order to fix them before a malicious party attacks the system • Legal if you get permission, but be careful to not break the law! • Tons of online penetration testing sandboxes, vulnerable distributions, and vulnerable sites available online: ‣ Hack This Site! ‣ Hack.me ‣ Metasploitable ‣ OverTheWire.org ‣ Captf.com Page

  3. I don’t want to do IT… why is this important? • In order to be able to develop new security software or do new security research, you need to understand how systems are vulnerable to attacks • Attackers are using these attacks on your computer, your university’s servers, your bank’s servers, your cloud storage servers, your email service’s servers… everything. • Hacking is fun! Page

  4. Kali Linux • Debian-derived Linux distribution designed for digital forensics and penetration testing • Pre-installed with >600 penetration-testing programs ‣ Nmap ‣ Wireshark ‣ Burp ‣ Jack the Ripper ‣ Metasploit Page

  5. Metasploit • Framework designed for developing, exploiting, and assisting in attacks (over 900 exploits available) • Built with research in mind • Written in Ruby Page

  6. SQL Injection • A type of web app security vulnerability in which an attacker is able ot submit a database SQL command that is executed by a web application, exposing the back-end database. • Tools to use: SQLMap, SQLNinja • Tutorial Page

  7. Cross-Site Scripting (XSS) • Enables attackers to inject client-side script into web pages • Used to bypass access controls • Account for roughly 84% of all vulnerabilities • Tool: BeEF Exploitation Framework • Cheat Sheet: https://www.owasp.org/index.php/XSS_Filter_Evasion_C heat_Sheet • https://xss-game.appspot.com/ Page

  8. Password Cracking • Configurations comprised of 3 parts: ‣ Wordlists: contain password lists in plaintext • Can be downloaded off the internet ‣ Rules: modifications to the wordlist ‣ Hash Algorithm: used to generate the password hash • Examples: MD5, SHA1 • Tools: Jack the Ripper, OCLHashCat Page

  9. Lab • We will utilize the tools learned in this hands-on lecture to learn some hacking! We will play some Capture The Flag. • Hack.lu Page

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Testing Terminology System testing Types of errors Function testing Structure

Testing Terminology System testing Types of errors Function testing Structure

Outline Testing Terminology System testing Types of errors Function testing Structure Testing Dealing with errors Performance testing Quality assurance vs Acceptance testing Testing Installation testing

396 views • 11 slides
Chapter 1 Fundamentals of testing 1. Why is testing necessary? 2. What is testing? 3. Test

Chapter 1 Fundamentals of testing 1. Why is testing necessary? 2. What is testing? 3. Test

Chapter 1 Fundamentals of testing 1. Why is testing necessary? 2. What is testing? 3. Test principles 4. Fundamental test process 5. The psychology of testing 1. Why is testing necessary 1.1 Software system context 1.2 Causes of

567 views • 36 slides
Levels of Testing Chapter 12 Beyond unit testing Developer Testing stages Unit testing

Levels of Testing Chapter 12 Beyond unit testing Developer Testing stages Unit testing

Levels of Testing Chapter 12 Beyond unit testing Developer Testing stages Unit testing Testing of individual components Integration testing Testing to expose problems arising from the combination of components System

173 views • 15 slides
Software Testing Software testing 1 V model Software testing 2 Program testing goals To

Software Testing Software testing 1 V model Software testing 2 Program testing goals To

Software Testing Software testing 1 V model Software testing 2 Program testing goals To demonstrate to the developer and the customer that the software meets its requirements. => leads to validation testing To discover situations

264 views • 11 slides
Lecture 8 Purpose of testing Kinds of testing Testing Heuristics for good test

Lecture 8 Purpose of testing Kinds of testing Testing Heuristics for good test

CSE 331 Outline Software Design and Implementation Why correct software matters Motivates testing and more than testing, but now seems like a fine time for the discussion Testing principles and strategies Lecture 8 Purpose

506 views • 13 slides
Testing Overview Introduction (Proving and Testing) Types of Testing Unit,

Testing Overview Introduction (Proving and Testing) Types of Testing Unit,

CPSC 310 Software Engineering Testing Overview Introduction (Proving and Testing) Types of Testing Unit, Integration, Regression, System, Acceptance Testing Tactics Functional (Black Box), Structural (White Box)

982 views • 61 slides
Testing 5 March 2020 OSU CSE 1 Importance of Testing Testing is a ubiquitous and expensive

Testing 5 March 2020 OSU CSE 1 Importance of Testing Testing is a ubiquitous and expensive

Testing 5 March 2020 OSU CSE 1 Importance of Testing Testing is a ubiquitous and expensive software engineering activity It is not unusual to spend 30-40% of total project effort on testing For big and/or life-critical systems

701 views • 47 slides
Overview Objective Types of testing ECE 553: TESTING AND Verification testing

Overview Objective Types of testing ECE 553: TESTING AND Verification testing

9/1/2014 Overview Objective Types of testing ECE 553: TESTING AND Verification testing TESTABLE DESIGN OF Characterization testing Manufacturing testing DIGITAL SYSTES DIGITAL SYSTES Acceptance testing

368 views • 7 slides
Chapter 11, Testing ! Function testing Types of errors ! Structure Testing Dealing with

Chapter 11, Testing ! Function testing Types of errors ! Structure Testing Dealing with

Outline Object-Oriented Software Engineering Terminology System testing Chapter 11, Testing ! Function testing Types of errors ! Structure Testing Dealing with errors ! Performance testing Using UML, Patterns, and Java Quality

425 views • 7 slides
Functional Testing Review Chapter 8 Functional Testing We saw three types of functional

Functional Testing Review Chapter 8 Functional Testing We saw three types of functional

Functional Testing Review Chapter 8 Functional Testing We saw three types of functional testing Boundary Value Testing Equivalence Class Testing Decision Table-Based Testing What is the common thread among the above methods?

685 views • 33 slides
Page 1 Unit Testing Informal -- Incremental coding Static Analysis: Hand execution:

Page 1 Unit Testing Informal -- Incremental coding Static Analysis: Hand execution:

Podcast Ch11-02 Title : Types of Testing Description : Unit Testing, Black Box Testing, White Box Testing, Using Flow Diagrams Participants : Barry Kurtz (instructor); Brandon Winters, Sara Hyde, Cheng Vue, Dan Baehr (students)

792 views • 8 slides
Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing

Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing

Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing Hypothesis testing is a method to contradict a theoretical assumption using data. In his seminal book on design of experiments, Fisher (1937) uses

526 views • 3 slides
Property-Based Testing Matt Bachmann @mattbachmann Testing is Important Testing is Important

Property-Based Testing Matt Bachmann @mattbachmann Testing is Important Testing is Important

Property-Based Testing Matt Bachmann @mattbachmann Testing is Important Testing is Important Testing is Important Testing is Hard Testing is Hard Testing is Hard Capture the Important Cases Minimize The Coding Overhead Sorting a list of

1.66k views • 118 slides
Testing a URL Class http://www.askigor.org/status.php?id=sample Query Protocol Host Path 31

Testing a URL Class http://www.askigor.org/status.php?id=sample Query Protocol Host Path 31

Making Programs Fail Andreas Zeller 1 Two Views of Testing Testing means to execute a program with the intent to make it fail. Testing for validation: Finding unknown failures (classical view) Testing for debugging: Finding a

459 views • 17 slides
Structural Testing Also known as glass/white/open box testing Structural testing is based

Structural Testing Also known as glass/white/open box testing Structural testing is based

Path Testing and Test Coverage Chapter 9 Structural Testing Also known as glass/white/open box testing Structural testing is based on using specific knowledge of the program source text to define test cases Contrast with functional

999 views • 60 slides
Black Box Testing (A&O Ch. 4) (2 nd Ed. Ch. 6) Course Software Testing & Verification

Black Box Testing (A&O Ch. 4) (2 nd Ed. Ch. 6) Course Software Testing & Verification

Black Box Testing (A&O Ch. 4) (2 nd Ed. Ch. 6) Course Software Testing & Verification 2019/20 Wishnu Prasetya & Gabriele Keller Plan Partitioning based testing (A&O Ch 4/2 nd Ed Ch. 6). Model based testing Note: black

772 views • 39 slides
Hack the Derivative! Erik Taubeneck Software Engineer October 20th, 2015 American University

Hack the Derivative! Erik Taubeneck Software Engineer October 20th, 2015 American University

The Derivative Finite Difference Floating Point Arithmetic Complex Analysis Crash Course Hack the Derivative Hack the Derivative! Erik Taubeneck Software Engineer October 20th, 2015 American University Math/Stat Dept Colloquium The

1.39k views • 106 slides
Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an

Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an

Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an Example Saghar Estehghari 1 Yvo Desmedt 1 , 2 1 Department of Computer Science University College London, UK 2 Research Center for Information Security

572 views • 28 slides
Hacking the Canon 300D digital camera Lex Augusteijn November 2018 www.lex-augusteijn.nl

Hacking the Canon 300D digital camera Lex Augusteijn November 2018 www.lex-augusteijn.nl

Hacking the Canon 300D digital camera Lex Augusteijn November 2018 www.lex-augusteijn.nl lex.augusteijn@gmail.com History March 2003: Canon 10D was introduced $1500 DSLR 6Mpix CMOS sensor August 2003: Canon 300D was introduced

332 views • 22 slides
How to Hack Blockchain Systems Parinya Ekparinya Vincent Gramoli Guillaume Jourjon The

How to Hack Blockchain Systems Parinya Ekparinya Vincent Gramoli Guillaume Jourjon The

How to Hack Blockchain Systems Parinya Ekparinya Vincent Gramoli Guillaume Jourjon The University of Sydney Page 1 Blockchain Block #41 Block #42 Block #43 Block #44 Proof: Proof: Proof: Proof: 0xd00d1e 0xc0ffee 0xf00baa

630 views • 41 slides
02 October 2020 Association for Computing Machinery 02 October 2020 Miami Hacks | October

02 October 2020 Association for Computing Machinery 02 October 2020 Miami Hacks | October

Association for Creepy Mansions 02 October 2020 Association for Computing Machinery 02 October 2020 Miami Hacks | October 2nd-4th Florida International University 36 Hour Hackathon Online! October 2nd-4th Register at

640 views • 31 slides
USB HID Hacker Interface Design Jason Pisani Paul Caruga6 Richard Rushing Motorola, Inc.

USB HID Hacker Interface Design Jason Pisani Paul Caruga6 Richard Rushing Motorola, Inc.

USB HID Hacker Interface Design Jason Pisani Paul Caruga6 Richard Rushing Motorola, Inc. USBHID USB device class that describes human interface devices such as keyboards, mice, game controllers ,alphanumeric display devices, and

321 views • 8 slides
Hackers vs Testers: A Comparison of Software Vulnerability Discovery Processes Daniel Votipka ,

Hackers vs Testers: A Comparison of Software Vulnerability Discovery Processes Daniel Votipka ,

Hackers vs Testers: A Comparison of Software Vulnerability Discovery Processes Daniel Votipka , Rock A. Stevens, Elissa M. Redmiles, Jeremy Hu, and Michelle L. Mazurek 22 May 2018 VULNERABILITY DISCOVERY 2 VULNERABILITY DISCOVERY

375 views • 26 slides
Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of

Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of

Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of Cyber Operations KnowBe4, Inc. The worlds most popular integrated Security Awareness Training and Simulated Phishing platform Based

296 views • 25 slides

More recommend