A Survey on Software Security Testing Techniques
Total Page:16
File Type:pdf, Size:1020Kb
International Journal of Computer Science and Telecommunications [Volume 4, Issue 4, April 2013] 14 A Survey on Software Security Testing Techniques ISSN 2047-3338 Abdullah Saad AL-Malaise AL-Ghamdi Department of Information Systems, Faculty of Computing & Information Technology, King Abdulaziz University, Kingdom of Saudi Arabia [email protected] Abstract– This article briefs a survey on software security software can be exploited by intruders to open security holes. techniques. Software security testing is not the identical as With the development of the Internet, software security testing the correctness and competence of security functions problems are becoming even more ruthless and excruciating. implemented by software, which are most frequently verified Many critical software applications and services need through requirements-based testing. These tests are important; integrated security measures against malicious attacks. The they expose only a small piece of the depiction needed to verify the security of the software. Security testing is necessary because purpose of security testing of these systems include it has a distinct relationship with software quality. Software identifying and removing software flaws that may potentially meets quality requirements related to functionality and guide to security violations, and validating the effectiveness performance, it does not necessary mean that the software is of security measures. secure. A vulnerability tools is a program that performs the analytical phase of a vulnerability analysis, and assessment. Index Terms– Software Security, Assurance, Reliability and Vulnerability analysis defines, identifies, and classifies the Recoverability security holes and their weakness in computer systems includes network, server, or communications channel. Also vulnerability analysis can predict the effectiveness of I. INTRODUCTION proposed countermeasures, and evaluate how well they work OFTWARE behaves in the presence of a malicious attack, after they are put into use. The tools relies on a database that S even though in the real world, software failures usually contains all the information required to check a system for happen spontaneously-that is, without intentional security holes in services and ports, anomalies in packet mischief. Security is always next of kin to the information and construction, and potential paths to exploitable programs. services being protected, the skills and resources of Vulnerability assessments that verify the presence of security adversaries, and the costs of potential assurance remedies; controls, and penetration testing which is used to determine if security is executed in risk management. Risk analysis, those security controls are effectively working, are common especially at the design level, can help us identify potential security Testing techniques. security problems and their impact. Once recognized and categorized, software risks can then assist software security II. REQUIREMENT FOR SECURITY TESTING testing. Basically there are three key quality components to Software assurance is comprised of reliability, software assurance. These are reliability, resiliency, and recoverability, and resiliency aspects of the software. recoverability. Reliable software is that which functions as Software testing must address all of these. Software testing needed by the end user. Resilient software is that which is for functionality should always be improved with security able to endure the attempts of an attacker to compromise testing for resiliency [1]. Unit testing is performed by impact integrity, confidentiality and availability. We can say a developers and has the benefit of detecting functional and secure software should achieves these security requirements software assurance issues early on in the life cycle because it breaks the software into small convenient units. Regression A. Possible Attacks on Software testing is essential when code changes. It can be used to compute the relative attack surface from one version to This section describes the various possible attacks. The another and provide imminent into whether the state of large systems are typically most susceptible to, due to software security is improving or deteriorating. The difference malicious outsiders and an insider includes users, processes between software safety and software security is presence of and applications. The possible attacks are an smart adversary twisted on breaking the system. Software Information Disclosure Attacks Applications can often quality, reliability and security belong to one family. Flaws in be forced to reveal sensitive or useful data. Error Journal Homepage: www.ijcst.org Abdullah Saad AL-Malaise AL-Ghamdi 15 messages generated by the application often contain mitigation strategies for potential vulnerabilities and helps information useful to attackers. Attacks of this type them focus their limited resources and attention on the parts include directory indexing attacks, path traversal attacks of the system most at risk. It is recommended that all and determination of whether the application allocates applications have a threat model developed and documented. resources from a conventional and accessible location. Threat models should be created as early as possible in the The target with this set of attacks is to segregate any and SDLC, and should be revisited as the application evolves and all cases of information leakage. development progresses. To develop a threat model, System Dependency Attacks: Vital system resources implement a simple approach that follows the NIST 800-30 can be identified by monitoring the environment of use [7] standard for risk assessment. This approach involves: of the application and targeted. A system must have the Decomposing the application - understand, through a ability to securely process corrupt, missing and process of manual inspection, how the application Trojaned files. Large systems are often vulnerable to works, its assets, functionality, and connectivity. input strings that tend to cause insecure behaviors. Defining and classifying the assets - classify the assets Attacks in this class include large strings, command into tangible and intangible assets and rank them injection, LDAP injection, OS commanding, SQL according to business importance. injection, SSI injection, format strings, escape Exploring potential vulnerabilities - whether technical, characters, and special/problematic character sets. operational, or management. Logic/Implementation (business model) Attacks The Exploring potential threats - develop a realistic view of hardest attacks to apply are often the most profitable for potential attack vectors from an attacker’s perspective, an attacker. These include broadcast temporary files for by using threat scenarios or attack trees. sensitive information, attempts to mall-treatment internal functionality to expose secrets and cause Creating mitigation strategies - develop mitigating insecure behavior, checking for faulty process validation controls for each of the threats deemed to be realistic. and testing the application’s ability to be remote- controlled. Users may get in between the time-of-check B. Code Review and time-of-use of sensitive data and perform denial of Source code review is carried by static analysis. It is the service at the component level. process of manually checking source code for security Authentication/Authorization Attacks These attacks is vulnerability. Many serious security weaknesses cannot be comprise both dictionary attacks and common detected with any other procedure of analysis or testing. account/password strings) and credentials, exploiting According to the security community there is no alternate for key materials , insufficient and poorly implemented actually looking at code for detecting subtle vulnerabilities. protection and recovery of passwords, key material both Unlike testing third party closed software such as operating in memory and at component boundaries. systems, when testing applications the source code should be made available for testing purposes. Many unintentional but III. SECURITY TESTING TECHNIQUES significant security problems are also extremely difficult to discover with other forms of analysis or testing, such as We have reviewed many articles on security testing penetration testing, making source code analysis the technique techniques and brief here. Basically in software engineering of choice for technical testing. The advantages of code review the: are Completeness, effectiveness, and Accuracy. Code reviews Disadvantages are not practical for large code bases, requires highly skilled reviewers, labor intensive, and infeasible to Automated static analysis detect runtime errors. Binary code analysis With the source code, a tester can accurately determine Fuzz testing what is happening and remove the speculation work of black Source and binary code fault injection box testing. The issues includes concurrency problems, time bombs, logic bombs, flawed business logic, access control Risk analysis problems, and cryptographic weaknesses as well as back Vulnerability scanning doors, Trojans and other forms of malicious code can be Penetration testing exposed by source code reviews. These issues often visible themselves as the most harmful vulnerabilities in web sites. A. Risk Analysis Source code analysis can also be extremely efficient to find To review security requirements and to identify security implementation issues such as sections of the