SSE ch 9 video
Security Testing Techniques
Overview
Discussion on security testing techniques
Focus on both theoretical and practical aspects of security testing
Essential for ensuring not only functionality but also security of software systems
Types of Tests in Software Engineering
Unit Tests
Tests individual units of code (e.g., functions, classes)
Example: Testing a function that performs encryption to ensure correct functionality
Integration Tests
Tests interaction between multiple modules
Checks if integrated components work together as expected
Non-Functional Requirements
Requirements such as performance, reliability, security should also be tested
Example: A sorting function should sort numbers correctly and also do it within a specified time (e.g., 5 milliseconds)
Modern Testing Frameworks
Tools for testing in various programming languages
Python: PyTest
Java: JUnit
These frameworks run functional tests and can equally host non-functional and security tests (timing assertions, negative tests with hostile input)
Security Testing Methodologies
Static Application Security Testing (SAST)
Involves analyzing code without executing it
Provides early detection of issues
Finds flaws before the code ships, so they can be fixed before an attacker can reach them
Coverage metric (a property of the test suite, not of the SAST tool itself): ratio of units exercised by tests to total units
Example: If a project has 2,000 functions and only 1,500 are tested, the coverage is 75%
Dynamic Application Security Testing (DAST)
Involves testing applications while they are running
Addresses behaviors that may not be present until runtime
Can simulate attacks to find vulnerabilities, such as SQL injection
Coverage Metrics
Importance of coverage metrics in evaluating testing effectiveness
Percentage of functions exercised shows how much of the code the tests reach; it is necessary evidence of adequacy, not sufficient (a function that is merely called is not necessarily checked)
Low coverage can indicate potential missed vulnerabilities
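The 75% figure above computed on a small constructed module, as an added example that is not part of the lecture notes. The four functions, both test suites and the profile hook are constructed here; the metric is the one the notes define (units exercised / total units). The second suite makes the caveat concrete: touching every function once reaches 100% function coverage while the one rejection path that matters for security is never checked.

```python
"""Added example (not from the lecture): measuring function coverage as
units entered by the tests / total units, using the stdlib profile hook.
The module under test and both test suites are constructed for this example."""
import sys


# --- Constructed module under test: four "units" (functions). ---
def normalize_username(name):
    return name.strip().lower()


def is_strong_password(pw):
    return len(pw) >= 12 and any(c.isdigit() for c in pw)


def mask_card_number(number):
    return "*" * (len(number) - 4) + number[-4:]


def parse_port(text):
    port = int(text)
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return port


UNITS = [normalize_username, is_strong_password, mask_card_number, parse_port]


# --- Constructed suite 1: forgets one unit entirely. ---
def test_suite():
    assert normalize_username("  Alice ") == "alice"
    assert is_strong_password("correct-horse-7") is True
    assert mask_card_number("4111111111111111") == "************1111"
    # parse_port is never exercised, so coverage will report 3 of 4.


# --- Constructed suite 2: calls parse_port once on the happy path only. ---
def touch_every_unit():
    """Function coverage reaches 100% here, yet the out-of-range rejection in
    parse_port is never tested. The metric is satisfied; the tests are not
    adequate. This is the gap the notes warn about."""
    test_suite()
    assert parse_port("443") == 443


def measure_function_coverage(units, run_tests):
    """Run `run_tests` under sys.setprofile and record every Python function
    that was entered. Returns (covered_ratio, names_of_untested_units)."""
    entered = set()

    def hook(frame, event, arg):
        # 'call' fires once per Python-level function entry; C calls and
        # returns are reported under other event names and are ignored here.
        if event == "call":
            entered.add(frame.f_code)

    sys.setprofile(hook)
    try:
        run_tests()
    finally:
        sys.setprofile(None)  # always remove the hook, even if a test fails

    untested = [f.__name__ for f in units if f.__code__ not in entered]
    ratio = (len(units) - len(untested)) / len(units)
    return ratio, untested


if __name__ == "__main__":
    print("suite 1:", measure_function_coverage(UNITS, test_suite))
    print("suite 2:", measure_function_coverage(UNITS, touch_every_unit))
```

Real coverage tools (coverage.py for Python, JaCoCo for Java) work at line or branch granularity rather than whole functions, which is why a branch-coverage report would still show the `raise ValueError` line in `parse_port` as unreached under suite 2.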
Linters
Tools that analyze source code for style problems and common error patterns without executing it
Help ensure code readability and adherence to coding standards
Some linters can detect common security issues, e.g., SQL injection patterns
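The same SQL-injection flaw seen first by a static rule (SAST/linter style: the source is parsed as text and never run) and then by a dynamic probe (DAST style: the code runs against a throwaway database with an attack payload). This is an added example, not code from the lecture; the code under test, the database rows, the payload and the linter rule are all constructed here, and the rule is deliberately as small as a linter check, not a full data-flow analysis.

```python
"""Added example (not from the lecture): one SQL-injection flaw seen two ways.
A SAST-style rule reads the source text and never executes it; a DAST-style
probe runs the code against an in-memory SQLite database with a payload.
Stdlib only; code under test, rows and payload are constructed for this example."""
import ast
import sqlite3

# The code under test is kept as text so the static check can read it without
# executing anything, exactly as a SAST tool would.
SOURCE_UNDER_TEST = '''
def find_user_vulnerable(conn, username):
    # Query text is assembled from user input: the injection pattern.
    return conn.execute(
        "SELECT id, username FROM users WHERE username = '%s'" % username
    ).fetchall()

def find_user_fixed(conn, username):
    # Bound parameter: the driver keeps data out of the SQL grammar.
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchall()
'''


def find_formatted_sql(source):
    """Tiny linter rule: report every .execute(...) whose first argument is
    built with %, +, str.format or an f-string. Returns [(lineno, reason)]."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "execute"
                and node.args):
            continue
        arg = node.args[0]
        reason = None
        if isinstance(arg, ast.BinOp) and isinstance(arg.op, (ast.Mod, ast.Add)):
            reason = "SQL built with % or + operator"
        elif isinstance(arg, ast.JoinedStr):
            reason = "SQL built with an f-string"
        elif (isinstance(arg, ast.Call) and isinstance(arg.func, ast.Attribute)
              and arg.func.attr == "format"):
            reason = "SQL built with str.format"
        # Known blind spot: a query assembled into a variable earlier and passed
        # by name is missed here (a false negative). Real SAST tools track data
        # flow across assignments to close that gap.
        if reason is not None:
            findings.append((node.lineno, reason))
    return findings


# The dynamic probe needs running code, so load the text under test now.
_namespace = {}
exec(SOURCE_UNDER_TEST, _namespace)
find_user_vulnerable = _namespace["find_user_vulnerable"]
find_user_fixed = _namespace["find_user_fixed"]

# Constructed payload: closes the string literal, then appends a tautology.
INJECTION_PAYLOAD = "x' OR '1'='1"


def _fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users (username) VALUES (?)",
                     [("alice",), ("bob",), ("carol",)])
    return conn


def is_injectable(lookup):
    """DAST-style check: no user is named like the payload, so a correct lookup
    returns zero rows. Any rows back means the payload reached the SQL parser."""
    conn = _fresh_db()
    try:
        return len(lookup(conn, INJECTION_PAYLOAD)) > 0
    finally:
        conn.close()


if __name__ == "__main__":
    print("static findings:", find_formatted_sql(SOURCE_UNDER_TEST))
    print("vulnerable version injectable:", is_injectable(find_user_vulnerable))
    print("fixed version injectable:", is_injectable(find_user_fixed))
```

The static rule reports the vulnerable function at the line of its `execute` call and stays silent on the fixed one; the dynamic probe returns every row from the vulnerable version and none from the fixed one. Each side covers the other's weakness: the static rule would miss the same flaw if the query were built into a variable first, while the probe would miss it if the test database happened to be empty.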
Shift Left Testing
Concept of incorporating testing earlier in the development lifecycle
Write tests based on requirements before the code is developed
Test Driven Development (TDD): Write tests first; implementation follows to pass the tests
Example of TDD
Before creating a sort function, a test determines what the sorted output of a given list should look like
Example Input: [5, 2, 8, 9, 16, 3002, 4]
Expected Output: [2, 4, 5, 8, 9, 16, 3002]
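The sort exercise written test-first in pytest style, as an added example that is not part of the lecture notes. It also folds in the non-functional requirement from earlier in the notes (the 5 millisecond budget). The sample list, expected output and time budget are the ones in the notes; the function names, the negative test and the best-of-N timing helper are constructed here.

```python
"""Added example (not from the lecture): the sort exercise from the notes,
written test-first in pytest style. The tests were written before sort_numbers
existed and define what it must do: the functional requirement (correct order),
two robustness requirements (the caller's list is left alone; malformed input
is rejected) and the non-functional budget from the notes (5 milliseconds).
Sample list, expected output and budget come from the notes; the rest is constructed."""
import time

EXAMPLE_INPUT = [5, 2, 8, 9, 16, 3002, 4]
EXPECTED_OUTPUT = [2, 4, 5, 8, 9, 16, 3002]
TIME_BUDGET_SECONDS = 0.005


# --- Tests first (TDD). Run with `pytest thisfile.py` or run the file directly. ---
def test_sorts_the_example():
    assert sort_numbers(EXAMPLE_INPUT) == EXPECTED_OUTPUT


def test_does_not_mutate_input():
    data = list(EXAMPLE_INPUT)
    sort_numbers(data)
    assert data == EXAMPLE_INPUT


def test_rejects_non_numbers():
    # Security-minded negative test: bad input fails loudly and early instead
    # of producing a half-sorted result that downstream code would trust.
    try:
        sort_numbers([5, "2", 8])
    except TypeError:
        return
    raise AssertionError("non-numeric input was accepted")


def test_meets_time_budget():
    assert best_of_n_seconds(EXAMPLE_INPUT, runs=20) < TIME_BUDGET_SECONDS


# --- Implementation, written after the tests, does the minimum to pass them. ---
def sort_numbers(values):
    """Return a new ascending list; reject anything that is not int or float."""
    for v in values:
        if not isinstance(v, (int, float)):
            raise TypeError(f"expected a number, got {type(v).__name__}")
    return sorted(values)


def best_of_n_seconds(values, runs):
    """Wall-clock time of the fastest of `runs` sorts. Taking the minimum, not
    the mean, keeps scheduler noise from turning a passing test into a flaky one."""
    best = float("inf")
    for _ in range(runs):
        start = time.perf_counter()
        sort_numbers(values)
        best = min(best, time.perf_counter() - start)
    return best


if __name__ == "__main__":
    for test in (test_sorts_the_example, test_does_not_mutate_input,
                 test_rejects_non_numbers, test_meets_time_budget):
        test()
        print(test.__name__, "passed")
```

The negative test uses a plain try/except so the file runs without pytest installed; under pytest, `pytest.raises(TypeError)` expresses the same check. If a wall-clock assertion ever flakes on shared CI runners, move it to a separate, non-blocking performance stage rather than loosening the budget.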
Types of Testing Defined
Static Testing (SAST)
Examines code (source or byte code) for flaws without execution
Dynamic Testing (DAST)
Tests the application while it is executing to verify its actual runtime behavior
Implementing Security Testing
Importance of integrating both SAST and DAST for comprehensive coverage
SAST catches code-level flaws early; DAST finds problems that only appear at runtime (configuration, deployment, interaction between components)
Continuous Integration (CI) practices should incorporate both testing methods
Testing Frameworks and Tools
Example Tools
OWASP ZAP (Zed Attack Proxy): DAST, a proxy that scans a running web application (OWASP is the organization, not a tool)
SonarQube: SAST, static analysis with code quality and security rules
Metasploit: exploitation framework used in penetration testing to confirm that a finding is actually exploitable
Interpreting Test Results
Analyze reports to identify high severity vulnerabilities
Correlate findings from multiple tools for accuracy
Validate tool-generated findings manually to ensure correctness
Challenges in Security Testing
Achieving complete coverage is difficult with large codebases
Managing false positives: Occurrences where a tool indicates a problem that does not exist
Potentially leads to a "boy who cried wolf" scenario
Keep developers engaged: triage findings with them and tune rules so that only actionable results reach them
Keep up with evolving attack patterns and update testing practices
Conclusion
A well-defined security plan is essential
Define roles, responsibilities, testing environments, and tools
Metrics for success should be clear (e.g., coverage targets)
A security-focused testing approach is critical to maintain trust and adherence to compliance in software development.