Version 02U-1 Computer Security: Art and Science

Penetration Testing

by Brad Arkin, Scott Stender and Gary McGraw


Topics

– Introduction

– Penetration Testing Today

– Better Approach

– Summary/Conclusion


Introduction

Testing for positives

Security testing

– Test for negatives


Penetration Testing Today

Attractive late life cycle activity

– A too-little, too-late attempt to tackle security.

– The use of security requirements, abuse cases, security risk knowledge and attack patterns in application design, analysis and testing is missing.


Penetration Testing Today (contd)

Attractive late life cycle activity

Results Interpretation

A list of flaws, bugs and vulnerabilities

Doesn’t factor in the time-boxed nature of late lifecycle assessments.

Penetration testing as a way to declare victory


Penetration Testing in SDLC


A Better Approach

Base the testing activities on the security findings discovered and tracked from the beginning of the development life cycle.

Structure tests according to perceived risk and offer some kind of metric relating risk measurement to the software’s security posture at the time of the test.

Make Use of Tools

– Use static analysis tools

– Use dynamic analysis tools


A Better Approach (contd)

Benefits of Tools

– Tools can perform the routine work needed for basic software security analysis.

– Tool output lends itself to metrics, which software development teams can use to track progress over time.


A Better Approach (contd)

Test more than once

– Test at the feature, component, unit and system level.

– Tests should attempt unauthorized misuse of, and access to, target assets as well as try to violate any assumptions the system might make relative to its components.


A Better Approach (Contd)

Test more than once

Component level testing

– Use static and dynamic tools uniformly at the component level.

– The tool design should reflect the security test’s goal: to misuse the component’s assets, violate intercomponent assumptions, or probe risks.

– Unit testing breaks system security down into several discrete parts.


A Better Approach (contd)

Test more than once

System level testing

System-level testing focuses on identifying intercomponent issues and assessing the security risk inherent at the design level.

– If a component assumes that only trusted components have access to its assets, security testers should structure a test to attempt direct access to that component from elsewhere.

– Focus on aspects of the system that couldn’t be probed during unit testing.


A Better Approach (Contd)

Integrate with development life cycle

The most common problem with penetration testing is the failure to identify lessons to be learned and propagated back into the organization’s SDLC.

Mitigation strategy

Rather than simply fixing identified bugs, developers should perform a root-cause analysis of the identified vulnerabilities.

Developers and architects should devise mitigation strategies to address the identified vulnerabilities and any similar vulnerability in the code base.

– Buffer overflow example


A Better Approach (Contd)

Integrate with development life cycle

Use test result information to measure progress against a goal.

Add tests for the mitigated vulnerability to the automated test suites

Employ iterative security penetration tests

Reveals fewer and less severe flaws in the system.
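The buffer overflow case named under "Mitigation strategy" and the step "Add tests for the mitigated vulnerability to the automated test suites" can be shown together. The following is an added example, not code from the slides or their authors: the `session` record, its field sizes, the setter names and the finding itself are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical record; names and sizes are assumptions for this example. */
struct session {
    char user[16];
    char host[32];
    int  is_admin;              /* adjacent data a copy must never touch */
};

/* Root-cause fix: one bounded copy shared by every call site. Input that
 * does not fit is rejected (not truncated) and dst is left empty. */
static int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    const char *end;
    if (dst == NULL || dstsz == 0) return -1;
    dst[0] = '\0';
    if (src == NULL) return -1;
    end = memchr(src, '\0', dstsz);     /* look at most dstsz bytes ahead */
    if (end == NULL) return -1;         /* no terminator within capacity */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Assumed finding: an unbounded strcpy() into user. The same pattern is
 * assumed for host, so both setters now go through the helper. */
int session_set_user(struct session *s, const char *v)
{ return copy_bounded(s->user, sizeof s->user, v); }
int session_set_host(struct session *s, const char *v)
{ return copy_bounded(s->host, sizeof s->host, v); }

/* Regression test kept in the automated suite; returns failure count. */
int regress_overflow(void)
{
    struct session s;
    char big[256];
    int fails = 0;
    memset(&s, 0, sizeof s);
    memset(big, 'A', sizeof big - 1);   /* constructed oversized input */
    big[sizeof big - 1] = '\0';
    fails += session_set_user(&s, big) != -1;
    fails += session_set_host(&s, big) != -1;
    fails += s.user[0] != '\0' || s.host[0] != '\0';
    fails += s.is_admin != 0;
    fails += session_set_user(&s, "fifteen_chars_x") != 0;    /* 15 + NUL */
    fails += session_set_user(&s, "sixteen_chars_xx") != -1;  /* off by one */
    return fails;
}
int main(void) { printf("failures: %d\n", regress_overflow()); return 0; }
```

Tracking the failure count of such tests across builds gives the kind of metric the slides ask for when measuring progress against a goal.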


Summary

Penetration testing is the most commonly applied mechanism used to measure software security, but it’s also the most misapplied mechanism.

Apply penetration testing at the unit and system level, derive test cases from risk analysis, and incorporate the results back into the development life cycle.

Integrate penetration testing into the development process to improve design, implementation and deployment practices.

Questions/Comments?