New Rules to Attack Software
This 72 hour hands-on workshop introduces you to "How to penetrate your software," a step by step methodology to effectively and efficiently attack software. You will learn a very applied and non-rigid approach to test software for common bugs. It's a departure from conventional network penetration in which programmers prepare a written attack plan and then use it as a script when attacking the software. The class teaches you how to plan attacks "on the fly" by providing you with insight, experience, and a nose for where bugs are hiding. This workshop is presented in an "interwoven" format where each topic has a hands-on component so that you can explore the attacking techniques and software tools using real software.
|Contact Hours:||40 hr Lecture 32 hr labs|
|Prerequisites:||Understanding of TCP/IP Protocols|
|Credits:||72 CPE / 3 CEU|
|Method of Delivery:||Residential (100% face-to-face) or Hybrid|
|Class Materials:||SU textbook and testing software|
|Method of Evaluation:||1. 95% attendance 2. 100% completion of Lab|
|Grading:||Pass = Attendance + labs & quizzes; Fail > 95% Attendance|
Sample Job Titles:
Analyst Programmer/Computer Programmer
Information Assurance (IA) Engineer
Information Assurance (IA) Software Developer
Information Assurance (IA) Software Engineer
Research & Development Engineer
Secure Software Engineer/Security Engineer
Software Developer/ Software Engineer
Architect/ Systems Analyst/ Web App Developer
This 72 hour accelerated class is taught using face to face modality or hybrid modality. Class includes 72 hours of contact studies, labs, reading assignments and final exam - passing the final exam is a requirement for graduation.
Who Should Attend - Information Security and IT managers; Information Assurance Programmers; Information Security Analysts and Consultants; Internal Auditors and Audit Consultants; QA Specialists.
Secure Software Engineering – Develops, modifies, enhances, and sustains new or existing computer applications, software, or utility programs following software assurance best practices throughout the software lifecycle.
- Students will be able to produce software components that satisfy their functional requirements without introducing vulnerabilities
- Students will be able to describe the characteristics of secure programming
- A step by step methodology and models for effective software testing
- A plan for on-the-fly testing
- How to develop an insight to find those hard-to-find bugs
- How to attack Inputs and Outputs from the User Interface
- How to attack Data and Computation from the User Interface
- How to attack the File System Interface
- How to attack the Software/OS Interface
- How to use Holodeck Lite to inject faults for File System and OS testing
Text Materials: labs, SU Pen Testing Materials, resource CDs and attack handouts.
Machines: Dual Core, 4M RAM, 350 Gig drives, running MS OS, Linux, and VMware Workstation
Tools for class - Whois, Google Hacking, Nslookup, Sam Spade, Traceroute, Nmap, HTTrack, Superscan, Nessus, PSTool, Nbtstat, Solarwinds, Netcat, John the Ripper, Nikto/Wikto, WebScarab, HTTP Tunnel (hts.exe), LCP, Cain and Abel, Ettercap system hacking, Wireshark sniffers, tcpdump, Dsniff, Metasploit, ISS exploit, web app, Core Impact, Snort, Infostego, Etherape, Firefox with plugins (Hackbar, XSSme...), WebGoat, X Wget, Crypto tool, 'Curl', Ounce, Fortify.
Lesson Plan 40 hrs lecture/ 32 hrs labs
Lesson 1 & 2
8 hrs Lecture 5 hr Labs
I. Introduction
- Are you a Hacker or a Tester? Learn the difference
- Learn about the three characteristics of good testing
- Where are the bugs? Learn methods to seek the "hidden" ones
- Overview of Fault models
2 hrs Lecture 0 hr Labs
II. Understanding the Environment
Learn the difference between the four interfaces to your application
Why does each environmental interface need to be attacked?
Gain the knowledge regarding the environment so you can find more bugs
2 hrs Lecture 2 hr Labs
III. Software Capabilities
Understand the four capabilities and how they affect you as a tester
Learn how to seek the bugs that destroy the software's capabilities
Lesson 3
1 hrs Lecture 5 hr Labs
IV. Software Testing
Learn the two most important factors to ensure great testing
2 hrs Lecture 1 hr Labs
V. An Overview of the Methodology of How To Attack Software
What are the four basic capabilities of software?
Learn how to determine which attacks apply to your application.
Understand the secret to structuring your attacks into related scenarios.
Learn how to conduct an attack and recognize success
a.) The User Interface (UI)
What are the four areas within the UI that need to be tested?
Learn how these areas interact and why they can be difficult to test
Lesson 4
3 hrs Lecture 3 hr Labs
UI Areas 1 & 2 - The Input and Output Domains
Understand the two domains and why they are so important to attack
Learn the six input domain attacks and how to apply them
Learn how to test inputs individually and in combination
Learn the four output domain attacks and how to apply them
Learn the secret to concentrating on what incorrect results could occur and then find the inputs to force them
Lesson 5
1 hrs Lecture 2 hr Labs
UI Area 3 - Stored Data
Explore how stored data can become corrupted
Learn how to successfully apply four stored data attacks
1 hrs Lecture 2 hr Labs
UI Area 4 - Computation
Understand what computation is happening inside the program
Learn four testing techniques that "get in the way" of the desired computation
b.) The Kernel Interface
Learn how memory can cause applications to fail
Learn how to effectively test the kernel through "controlled" testing
c.) The File System Interface
Understand how the file system can cause applications to fail
Learn and use two important attacks to evaluate the vulnerabilities in the file system interface
d.) The Software Interface
Understand how reused software can cause applications to fail
Learn and use two important methods to test the software interface
Grades - All students must ordinarily take all quizzes, labs, final exam and submit the class practical in order to be eligible for a Q/ISP, Q/IAP, Q/SSE, or Q/WP credential unless granted an exception in writing by the President. Know that Q/ISP classes draw quite the spectrum of students, including "those less comfortable," "those more comfortable," and those somewhere in between. However, what ultimately matters in this course is not so much where you end up relative to your classmates but where you end up relative to yourself on Friday of class. The course is graded as a pass or fail solely on your attendance and participation. Those less comfortable and somewhere in between are not at a disadvantage vis-à-vis those more comfortable. Escalating labs help you prepare for real world scenarios. Each lab escalates upon itself, increasing in intensity, rising to the next level, while you're mitigating the threat step by step.
Books – 3 Ebooks are provided for this course. No external books are required. However, you may want to supplement your preparation for or review of some lectures with self-assigned readings relevant to those lectures' content from either of the books below. The first is intended for those inexperienced in (or less comfortable with the idea of) hacking. The second is intended for those experienced in (or more comfortable with the idea of) hacking. Both are available at sites like Amazon.com. Both are available at the SU Hacker Library. Realize that free, if not superior, resources can be found on the SU website.
For Those Less Comfortable – Hacking Wireless for Dummies, Kevin Beaver - Publication Date: January 29, 2013
For Those More Comfortable – The Basics of Hacking and wireless Penetration Testing: Ethical Hacking and Penetration Testing Made Easy by Patrick Engebretson (Jun 24, 2013)
The book below is recommended for those interested in understanding how their own computers work for personal systems.
This last book below is recommended for aspiring hackers, those interested in programming techniques and low-level optimization of code for applications beyond the scope of this course.
Hacker’s Delight, Second Edition, Henry S. Warren Jr., Addison-Wesley, 2012, ISBN 0-321-84268-5