Software Security Testing Best Practices
How do you find security flaws beyond simple ones like buffer overflows? Most current software security testing falls into one of two categories: random corruption of files or network protocols, and re-executing existing, known vulnerabilities against new versions of software. In 72 hours you will learn how hackers find subtle and innovative flaws and exploit them, and the more methodical, creative process you need in order to find those flaws before they do. Learn what it takes to perform an application security threat assessment of your software before it goes live. You will develop a comprehensive security test strategy and build a team with the right mix of skills and experience to execute it. Discover approaches for using fault injection to find application security vulnerabilities before your software is exposed to hackers.
Contact Hours: 40 hr lecture, 32 hr labs
Prerequisites: Understanding of TCP/IP protocols
Credits: 72 CPE / 3 CEU
Method of Delivery: Residential (100% face-to-face) or hybrid
Method of Evaluation: 1. 95% attendance  2. 100% completion of labs
Grading: Pass = attendance + labs & quizzes; Fail = attendance below 95%
Sample Job Titles:
Analyst Programmer/ Computer Programmer
IA Engineer/ IA Software Developer
IA Software Engineer/ Research & Development Engineer
Secure Software Engineer/Security Engineer
Software Developer/Software Engineer/Architect
Systems Analyst/Web App Developer
This 72-hour accelerated class is taught in a face-to-face or hybrid modality. The class includes 72 hours of contact studies, labs, reading assignments and a final exam; passing the final exam is a requirement for graduation.
Text Materials: SU class handbook, labs, SU resource CDs and attack handouts.
- Students will be able to produce software components that satisfy their functional requirements without introducing vulnerabilities
- Students will be able to describe the characteristics of secure programming.
Learn how to plan a security testing effort and integrate security testing into your QA process
Learn about risk assessments, test prioritizations and threat modeling
Acquire the skills to recognize and expose the most insidious security vulnerabilities in your applications
Discover tools, techniques and processes to make security an integral part of your release process and to create a security aware culture in your test team.
Learn the many categories of security bugs that may exist in your software and the secrets of application security testing
Machines: dual core, 4 GB RAM, 350 GB drives, running Microsoft Windows, Linux and VMware Workstation.
Tools for class: Whois, Google hacking, Nslookup, Sam Spade, Traceroute, Nmap, HTTrack, SuperScan, Nessus, PsTools, Nbtstat, SolarWinds, SAINT, Netcat, John the Ripper, Nikto/Wikto, WebScarab, HTTP Tunnel (hts.exe), LCP, Cain and Abel, Ettercap (system hacking), Wireshark and tcpdump sniffers, Dsniff, Metasploit, ISS, Core Impact, Snort, Infostego, EtherApe, Firefox with plugins (HackBar, XSS Me, ...), WebGoat, IDA Pro, Wget, CrypTool, curl, Fortify, Ounce.
Who Should Attend? This is a must-have class for functional testers who need to make the transition to finding security bugs. It is also essential for test managers because it teaches the soup-to-nuts process of security testing and how this type of testing fits into the overall QA process. Developers, security auditors and anyone else involved in software production will also benefit. Attendees gain the skills and techniques to build a security testing team and expose the most insidious application security vulnerabilities.
Lesson Plan: 40 hrs lecture / 32 hrs labs
Lesson 1 and first half of Lesson 2: 5 hrs lecture, 5 hrs labs
- Where does security testing fit into the product lifecycle?
- Definition of a security bug.
- The role of a security tester in the organization.
- Overview of security testing elements
Second half of Lesson 2 and first half of Lesson 3: 5 hrs lecture, 5 hrs labs
- Security testing roles
- Threat modeling
- Risk assessments
- Security test planning
- Test team organization and management.
Lessons 3 & 4: 10 hrs lecture, 10 hrs labs
III. In-Depth Look at Security Vulnerabilities
Each vulnerability is analyzed for its cause, its symptoms, how to prevent it, and the tools used to test for it in software.
Accepting Arbitrary Files as Parameters
Permitting Relative and Default Paths
Offering Administrative, Software and Service Back Doors
Default or Weak Passwords
Shells, Scripts and Macros
Dynamic Linking and Loading
2. Data Parsing
Advanced Buffer Overflows
Format String Attacks
3. Information Disclosure
Storing Passwords in Plain Text
Creating Temporary Files
Leaving Things in Memory
The Swap File and Incomplete Deletes
Weakly-Seeded Keys and Random Number Generation
Trusting the Operating System APIs
4. On the Wire
Trusting the Identity of a Remote Host (Spoofing)
Volunteering Too Much Information
Loops, Self References and Race Conditions
5. Web sites
Cross Site Scripting
Hidden Field Manipulation
Security on the Client
Trusting the Domain Security Model
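The following is an added illustration, not part of the SU course materials, of the "Accepting Arbitrary Files as Parameters" and "Permitting Relative and Default Paths" items above, written in the fault-injection style the course description promises: a list of malformed file-name parameters is fed to a naive file-serving function and to a hardened one, and the harness reports which payloads disclosed a file outside the intended directory. The directory layout, file names, marker string and payloads are all constructed for this example; it assumes Python 3.9 or later for Path.is_relative_to.

```python
"""Added illustration (not part of the SU course materials): a small
fault-injection harness for the "Accepting Arbitrary Files as Parameters" and
"Permitting Relative and Default Paths" categories. It feeds malformed
file-name parameters to a naive file-serving function and to a hardened one and
reports which payloads disclosed a file outside the intended directory. The
directory layout, file names and payloads are constructed for this example.
Requires Python 3.9+ (Path.is_relative_to)."""
import os
import tempfile
from pathlib import Path

SECRET_MARKER = b"SECRET-MARKER"   # constructed content of the out-of-tree file


def read_report_naive(base_dir: str, name: str) -> bytes:
    """Vulnerable: joins the caller-supplied name onto base_dir and opens it.
    '..' segments walk out of base_dir, an absolute name replaces it entirely,
    and an empty name falls back to the directory itself (the 'default path')."""
    with open(os.path.join(base_dir, name), "rb") as f:
        return f.read()


def read_report_hardened(base_dir: str, name: str) -> bytes:
    """Hardened: reject empty/default names, resolve symlinks and '..' on both
    sides, and require the final target to sit strictly inside base_dir."""
    base = Path(base_dir).resolve()
    if not name or name in (".", ".."):
        raise ValueError("missing or default file name")
    target = (base / name).resolve()        # an absolute `name` discards `base`
    if target == base or not target.is_relative_to(base):
        raise ValueError(f"path escapes base directory: {name!r}")
    return target.read_bytes()


def fault_inject(reader, base_dir: str, payloads: list[str]) -> list[str]:
    """Security-test loop: run every payload through `reader` and return those
    for which the out-of-tree secret was returned to the caller. An exception
    means the reader refused the input, which is the desired outcome."""
    leaked = []
    for payload in payloads:
        try:
            data = reader(base_dir, payload)
        except (OSError, ValueError):
            continue
        if SECRET_MARKER in data:
            leaked.append(payload)
    return leaked


def run_demo() -> dict:
    """Build a throwaway tree: <root>/public/report.txt is the only file meant
    to be served; <root>/secret.txt must never be reachable."""
    with tempfile.TemporaryDirectory() as root:
        public = os.path.join(root, "public")
        os.makedirs(os.path.join(public, "subdir"))
        Path(public, "report.txt").write_bytes(b"quarterly numbers")
        Path(root, "secret.txt").write_bytes(SECRET_MARKER)
        payloads = [
            "report.txt",                      # legitimate request
            "../secret.txt",                   # classic traversal
            "subdir/../../secret.txt",         # traversal through an existing subdir
            "..%2Fsecret.txt",                 # URL-encoded; harmless unless decoded later
            "",                                # empty name -> default (directory) path
            os.path.join(root, "secret.txt"),  # absolute path supplied as the parameter
        ]
        return {
            "naive": fault_inject(read_report_naive, public, payloads),
            "hardened": fault_inject(read_report_hardened, public, payloads),
        }


if __name__ == "__main__":
    for impl, leaks in run_demo().items():
        print(f"{impl:9s} leaked via {len(leaks)} payload(s): {leaks}")
```

The naive reader leaks the secret through the two traversal payloads and the absolute path; the encoded payload only looks dangerous, which is why a tester should also try it after any decoding step the application performs. The hardened reader refuses every payload except the legitimate name because it checks the fully resolved path rather than the string the caller supplied.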
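A second added illustration, again not part of the SU course materials, of the "Weakly-Seeded Keys and Random Number Generation" item above, written as a test a security tester could run against a key generator. A 16-byte "session key" drawn from random.Random seeded with the issue time in whole seconds is recovered by brute-forcing every seed in a one-hour window around that time; a key from secrets.token_bytes cannot be reproduced this way. The key length, the timestamp seed and the search window are illustrative assumptions, and Python 3.9 or later is assumed for Random.randbytes.

```python
"""Added illustration (not part of the SU course materials): the
"Weakly-Seeded Keys and Random Number Generation" category, shown as a test
case. A 16-byte 'session key' produced by random.Random seeded with the issue
time in whole seconds is recovered by brute-forcing every seed in a one-hour
window around that time; a key from secrets.token_bytes is not.
The key length, seed source and window are illustrative assumptions.
Requires Python 3.9+ (Random.randbytes)."""
import random
import secrets
import time
from typing import Optional

KEY_LEN = 16


def weak_key(seed: int) -> bytes:
    """Vulnerable pattern: a Mersenne Twister PRNG seeded from a timestamp.
    The key is a pure function of the seed, so guessing the seed is enough."""
    return random.Random(seed).randbytes(KEY_LEN)


def strong_key() -> bytes:
    """Correct pattern: the OS CSPRNG; there is no seed for an attacker to guess."""
    return secrets.token_bytes(KEY_LEN)


def recover_seed(observed_key: bytes, approx_time: int, window: int = 3600) -> Optional[int]:
    """Attacker/tester side: try every whole-second seed within +/- window of
    the key's approximate issue time. Returns the matching seed or None."""
    for candidate in range(approx_time - window, approx_time + window + 1):
        if weak_key(candidate) == observed_key:
            return candidate
    return None


def demo(now: Optional[int] = None) -> dict:
    """Issue one weak and one strong key 'about 20 minutes ago' and see which
    one the seed search can reproduce."""
    now = int(time.time()) if now is None else now
    issued_at = now - 1234
    weak = weak_key(issued_at)
    return {
        "issued_at": issued_at,
        "recovered_seed": recover_seed(weak, now),       # equals issued_at
        "strong_key_recovered": recover_seed(strong_key(), now) is not None,
    }


if __name__ == "__main__":
    r = demo()
    print(f"weak key issued at {r['issued_at']}, seed recovered: {r['recovered_seed']}")
    print(f"strong key recovered by seed search: {r['strong_key_recovered']}")
```

The search needs only a few thousand PRNG instantiations, so any key whose entropy is really the entropy of a clock reading falls in well under a second; the same test against a CSPRNG-backed generator returns None, which is the property a tester is looking for.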
Lesson 4/5: 5 hrs lecture, 5 hrs labs
Applying the techniques
Learning from past mistakes
50-question online exam