Software security testing


Software security is a broad and complex subject, and every new piece of software may contain security flaws that do not fit any known pattern. It is impractical to protect against every possible type of attack arising from such flaws. Software security testing should therefore follow a set of sound principles, so that unsafe software is not released and released software is not easily attacked.

1. Basic concepts of software security testing

Software security testing covers program, network, and database security testing. Because different systems have different security indicators, the testing strategies also differ.

1. Issues to consider in user program security testing include:

① Whether the different user permissions in the system are clearly distinguished;

② Whether conflicts between users can arise in the system;

③ Whether changes to user permissions can cause confusion in the system;

④ Whether the user login password is visible or can be copied;

⑤ Whether it is possible to enter the system through an absolute path (for example, by copying the link after a user has logged in and opening it directly);

⑥ Whether all authentication marks are deleted after the user logs out, and whether the back button can be used to re-enter the system without entering a password.

2. Issues to consider in system network security testing include:

① Test whether the protective measures taken are correctly installed and configured, and whether the relevant system patches are applied;

② Simulate unauthorized attacks to see whether the protection system holds up;

③ Use mature network vulnerability scanning tools to check the system for known vulnerabilities;

④ Use Trojan horse detection tools to check the system for Trojan horse infections;

⑤ Use anti-cheat tools to check each group of programs in the system for client-side cheat vulnerabilities.

3. Database security considerations include:

① Confidentiality of system data (this is particularly important for banking systems, for example, while ordinary websites have less stringent requirements);

② Integrity of system data;

③ Manageability of system data;

④ Independence of system data;

⑤ Backup and restoration capabilities of system data (whether the backup is complete, whether it can be restored, and whether the restoration can be carried through to completion).

2. Principles that software security testing should follow

1. Protect the weakest link

It should come as no surprise that attackers tend to go after the most vulnerable parts of a system. Even if they spend equal effort on every part, they are more likely to find problems in the parts that are weakest. This intuition is broadly applicable, so security testing should concentrate on the weakest parts of the system.

A good risk analysis followed by security testing of the weakest link makes it much easier to identify the components you consider weakest and to eliminate the most serious risks; this is an important part of software security testing.

2. Defense in depth

The idea behind defense in depth is to test whether the software uses multiple layers of defense, so that at least one layer will prevent a complete breach by an attacker. The principle of "protecting the weakest link" applies when components have non-overlapping security functions; when security measures are redundant, the overall protection is much stronger than that provided by any single component. Testing for defense-in-depth capability is one of the principles software security testing should follow.

3. Does the software fail securely?

Plenty of examples appear in the digital world, where problems often arise from the need to support insecure legacy software. Suppose the original version of a program was "naive" and used no encryption at all. The vendor now wants to correct this, but the software already has a large user base and is deployed on many servers that probably will not be upgraded for a long time. Newer, smarter clients and servers therefore need to interoperate with older clients that do not speak the new protocol. The vendor would like to force older users to upgrade, but does not expect them to make up such a large portion of the user base that this would be a real nuisance anyway. What to do? Have the client and server examine the first message they receive from each other and decide from it what is on the other end: if we are "talking" to a piece of old software, we do not use encryption.

Unfortunately, a sophisticated hacker can make two new clients each believe the other is an old client by tampering with the data as it traverses the network. To make matters worse, supporting full (two-way) backwards compatibility still does not eliminate the problem.

A better solution is to design a forced-upgrade scheme from the start: make the client detect that the server no longer supports it. If the client can safely retrieve the patch, it upgrades itself; otherwise it tells the user that a new copy must be obtained manually. But this solution must be planned in from the start, or early adopters will be offended.
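The following toy model, added here as an illustration and not part of the original post, shows why the "look at the first message and decide" scheme above fails insecurely: an on-path tamperer turns two encryption-capable peers into plaintext talkers, while a peer that fails securely refuses plaintext and demands an upgrade instead. All peer names and hello messages are constructed for illustration only.

```python
NEW_HELLO = "HELLO v2 crypto"   # constructed: new software advertises encryption
OLD_HELLO = "HELLO v1 plain"    # constructed: legacy software knows no encryption


class Peer:
    """One side of the connection; fail_secure models the forced-upgrade policy."""

    def __init__(self, name, supports_crypto, fail_secure=False):
        self.name = name
        self.supports_crypto = supports_crypto
        self.fail_secure = fail_secure

    def hello(self):
        return NEW_HELLO if self.supports_crypto else OLD_HELLO

    def choose_mode(self, peer_hello):
        # Decide how to talk based solely on the (unauthenticated) first message.
        if peer_hello == NEW_HELLO and self.supports_crypto:
            return "encrypted"
        if self.fail_secure:
            # Fail securely: never fall back to plaintext; tell the user to upgrade.
            return "refused: upgrade required"
        return "plaintext"   # legacy fallback: the connection fails insecurely


def downgrade_tamper(msg):
    """An on-path tamperer rewrites a new hello so it looks like a legacy peer."""
    return OLD_HELLO if msg == NEW_HELLO else msg


def negotiate(client, server, tamper=None):
    """Exchange first messages, optionally through a tamperer; return both modes."""
    c_hello, s_hello = client.hello(), server.hello()
    if tamper is not None:
        c_hello, s_hello = tamper(c_hello), tamper(s_hello)
    return client.choose_mode(s_hello), server.choose_mode(c_hello)


if __name__ == "__main__":
    new_c, new_s = Peer("client", True), Peer("server", True)
    print(negotiate(new_c, new_s))                       # encrypted on both sides
    print(negotiate(new_c, new_s, downgrade_tamper))     # both silently drop to plaintext
    strict_c = Peer("client", True, fail_secure=True)
    print(negotiate(strict_c, new_s, downgrade_tamper))  # strict client refuses
    print(negotiate(strict_c, Peer("old server", False)))  # legacy server: refused
```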


4. Least privilege

The principle of least privilege states that only the minimum access necessary to perform an operation should be granted, and that it should be granted only for the minimum time required.

When software grants access to certain parts, there is generally a risk that the privileges associated with that access will be abused. For example, suppose you go on vacation and give a friend the keys to your house so he can feed your pets, collect the mail, and so on. Although you may trust that friend, there is always the possibility that he will throw a party in your house or do other things you would not approve of without your permission.

A programmer may wish to access some data object only to read from it. Yet, for whatever reason, the programmer often ends up with more privileges than required, usually in an attempt to make programming easier.

The principle of least privilege can be very effective, provided the access rights structure set by the software is not "all access or no access at all".

5. Separation

The basic idea behind separation is that if we divide a system into as many independent units as possible, we minimize the amount of damage that can be done to the system as a whole.

Typically, once an attacker exploits a buffer overflow in code that runs in the kernel, he can perform raw writes to disk and arbitrarily modify any data in kernel memory; no protection mechanism prevents him from doing so. It is therefore very important for the system to be moderately separated. If the software does not directly support log files on the local disk that can never be wiped, accurate audit information cannot be maintained once an attacker breaks in.

Appropriate use of separation makes a system easier to manage, but if every function is separated, the system becomes difficult to manage.

3. The main purpose of security testing

The main purpose of security testing is to find potential security hazards in the design of the software's own programs and to check the application's ability to prevent illegal intrusion. Because different systems have different security indicators, the testing strategies also differ. Following the same set of principles to verify software security is conducive to standardizing software security testing work and to its further development.

Security testing checks the system's ability to prevent illegal intrusion. During a security test, the testers act as illegal intruders and use various methods to try to break through the line of defense. For example: ① trying to intercept or decipher passwords; ② using custom-made software to destroy the system's protection mechanism; ③ intentionally causing a system failure and attempting to enter illegally while it is recovering; ④ trying to derive the required information by browsing non-confidential data; and so on. In theory, given enough time and resources, no system is impenetrable. The principle of system security design is therefore to make the cost of illegal intrusion exceed the value of the protected information, so that the intruder gains nothing from it.

Security testing is used to verify whether the protection mechanisms integrated in the system can actually protect it from illegal intrusion. As the saying goes: "A system's security must, of course, be able to withstand attacks from the front—but it must also be able to withstand attacks from the side and from behind."

During security testing, the tester plays the role of an individual trying to attack the system. Testers may try to obtain system passwords through external means, and may use client software designed to break down the defenses to attack the system; they may paralyze the system so that others cannot access it; they may intrude into the system while it is recovering; and they may look for the key to entering the system by browsing non-confidential data, and so on.

Given enough time and resources, good security testing will eventually break into any system. The system designer's task is to design the system so that the price of breaking it exceeds the value of the information obtained by breaking it.



————————————————
Copyright statement: This article is an original article of CSDN blogger "Middle-aged Ape Man", following the CC 4.0 BY-SA copyright agreement, please attach the original source link and this statement.
Original link: https://blog.csdn.net/2301_76161259/article/details/129561319
