Application Testing Process

Create a threat model, either by listing known possible attack methods or by creating use cases of possible attacks:

  1. Apply known attacks
    • middleman
    • account access
    • buffer overflow
    • data input
  2. Consider known goals of the attacker (anti-goals) such as:
    • buy negative number of items

Attackers may attempt to violate confidentiality through interception, privilege escalation, spoofing, tampering, modification, or fabrication.

Types of testing include:

  • Manual testing with known threats
  • Automated testing with tools that do security penetration testing.
  • Code reviews - There are code review tools to help the code review process. Code reviews can reveal many security bugs.

Application Attacks

  • Attack things the application depends on
    • Configuration files - Corrupt or delete them
    • Registry values associated with the application
    • Library files - Make them unavailable, corrupt them, or replace them
    • Attack and diminish system resources including memory and disk space
    • Limit the availability of the network or internet
    • Modify system environment variables
  • Attack at points of user input
    • Use escape characters, quotes, and special characters such as semicolons, which may end statements, to embed statements that may compromise a program
    • Overflow input buffers
    • Use unexpected command line switches.
  • Attack software design
    • Try to use default and test accounts to get access.
    • Use test software like Holodeck to try penetration testing. Sometimes developers leave test hooks in the application that may be exploited.
    • Probe all ports to see if the application left a port open that may be vulnerable
    • Fake data going to the application as though it came from an administrator or an authorized user.
    • Execute application functionality over and over very fast to see if a denial of service or unauthorized access condition may happen.
    • Test every possible method to accomplish the same task that may be provided by the application.
    • Leave values and input fields blank. If internal application values are reset, the application may be in an insecure state with default values such as a known default password for an administrator account.
  • Attack software implementation
    • The attacker may try to switch the data after it is checked.
    • Some files may have special privileges because of their names, so an attacker may create files with the same names. Library files such as DLLs may have special privileges. The attacker may create the file and put it in a directory that the system searches before the directory where the original file is.
    • Test the program by triggering every possible error condition so that every possible error message is used. Try to find error conditions that the program did not provide for.
    • Test temporary data for storage of sensitive information including passwords and account names.
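
The anti-goal from the threat model (buying a negative number of items) and the user-input checks listed above (special characters, out-of-range input, blank fields) can be written as a repeatable abuse-case test. This is an added example, not code from the original page; `PRICES`, `MAX_QTY`, `naive_total`, `checked_total` and the case list are hypothetical names and constructed data.

```python
from decimal import Decimal

PRICES = {"widget": Decimal("4.50")}   # constructed sample catalogue
MAX_QTY = 1000                          # assumed business limit per order

def naive_total(item, qty):
    """'Before' version: trusts its input, so qty=-3 yields a negative total."""
    return PRICES[item] * int(qty)

def checked_total(item, qty):
    """Hardened version: accept only what the use case intends, reject the rest."""
    if not isinstance(item, str) or item not in PRICES:
        raise ValueError("unknown item")
    if isinstance(qty, bool) or not isinstance(qty, (int, str)):
        raise ValueError("quantity must be an integer")
    text = str(qty).strip()
    if not text.isascii() or not text.isdigit() or len(text) > 4:
        raise ValueError("quantity must be a positive whole number")
    n = int(text)
    if not 1 <= n <= MAX_QTY:
        raise ValueError("quantity out of range")
    return PRICES[item] * n

# Abuse cases derived from the checklist (constructed inputs).
ABUSE_CASES = [
    ("negative quantity", "widget", -3),        # the anti-goal
    ("blank quantity", "widget", ""),           # field left blank
    ("blank item", "", 1),
    ("statement terminator", "widget", "1; 2"), # semicolon in input
    ("quote characters", "widget'--", 1),
    ("oversized quantity", "widget", "9" * 30),
    ("zero", "widget", 0),
]

def run_abuse_cases(total_fn):
    """Return the abuse cases that total_fn did not reject with a controlled error."""
    failures = []
    for name, item, qty in ABUSE_CASES:
        try:
            result = total_fn(item, qty)
        except ValueError:
            continue  # rejected with the expected, controlled error
        except Exception as exc:  # an error condition the code did not provide for
            failures.append(f"{name}: unhandled {type(exc).__name__}")
        else:
            failures.append(f"{name}: accepted, total={result}")
    return failures
```

Running `run_abuse_cases(naive_total)` reports the negative-quantity order as accepted with a negative total, while `run_abuse_cases(checked_total)` returns an empty list.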