Explain what a vulnerability is?
A characteristic or property of a system that can be exploited, to access functionality, information or resources that should not be available.
Explain what a threat is?
Some possible danger that could lead to a vulnerability being exploited.
Explain what a risk is?
The impacts to an organization that arise due to threats.
Define the term Security Testing
Identifying vulnerabilities and ensuring mitigation of risks and threats.
Building trust in critical infrastructures.
Building on past experience of others.
- Libraries of attacks and exploits.
- Historical records of what has worked.
Using a variety of techniques. From testing through to audit. To provide defense in depth.
Why is mobile and web security so important for organizations?
Many attack vectors.
Many devices, not always up to date.
Powerful capabilities on the device.
Significant integration with cloud/servers.
What are some potential countermeasures of an organization to protect mobile and web systems?
Protections at OS and browser level.
Protection in communication protocols.
Resource monitoring, network monitoring
Manufacturer surveillance.
User awareness. Security training.
What are some features of Android OS that provide some security
Unix file directory and permission model
Process memory isolation and memory protection
Filesystem encryption.
App restrictions
digital rights.
What are Signed Apps?
Coded with a private dev key. On android and iPhone apps must be signed in market.
Manual approval reduces chances of rogue apps.
Apps bought on official stores are generally thought to have been audited.
What are some problems with android regarding apps?
Apps can ask for too many permissions, that the user may inadvertently approve or not understand
Updates to apps may change permissions.
Spammy apps, resist install, show ads like system/OS UI… etc.
Define Security through Obscurity?
Relying on the fact that attackers don’t know something needed to harm you.
If you had a file with all the passwords of a system but the attackers do not know it is there.
Example: guessing common file/folder/commands to see what happens.
Define methods of Secure authentication
Force users to login to your system before performing sensitive actions.
User secure protocols (https…) to prevent sniffing
Force users to use strong passwords.
Define Principle of Least Privilege?
Granting just enough authority to get the job done, not more! ex: don’t run code as root unless really necessary.
Turn off unnecessary services on your server:
- SSH, VNC, sendmail…
- Close all ports except 80, and any others needed for web traffic.
How do you sanitize inputs?
Encoding and filtering untrusted user input before accepting it into a trusted system.
Encode/sanitize input text that is displayed back to the user.
- Check type, format, length
- Disallow entry bad data into a graphical form
- Remove any SQL code from submitted user names.
How can you help make sure the code you are writing is secure?
Before coding:
- Consider security in design.
While coding:
- Code reviews
- Security audits
- pair programming
After code is written:
- Walkthroughs
- System security audits
- System/functional security testing
- Penetration tests.
What is a Security Audit
Series of checks and questions to assess the security of your system.
- Can be done externally or internally.
- Best if done as a process, not individual event.
What is a penetration test?
Targetted white hat attempt to compromise your system’s security.
What is risk analysis?
Assessment of relative risks of what can go wrong if security is compromised.
Define OWASP top 10 issues for mobile apps that talk to web apps
- Identify and protect sensitive data on the mobile device.
- Handle password credentials securely on device
- Ensure data is protected in transit.
- Implement user authentication and session management properly
- Keep back end APIs (services) and platform (server) secure.
- Data integration with third party apps securely.
- Pay attention to collection and storage of consent for collection and use of user data.
- Implement controls to prevent unauthorized access to paid-for resources.
- Ensure distribution/provisioning of mobile apps.
- Check runtime interpretation of code for errors.
What is a man in the middle attack?
Unauthorized third party can hear web traffic on its hops between client and server.
Should use HTTPS secure protocol built on Secure Socket Layer (SSL)
What is a denial of service attack?
Attacker causes web server to be unavailable.
How:
- Frequent requests many pages from a web site. (DDOS would use multiple systems for this).
- Server cannot handle so may requests at a time, so it meltsdown (or becomes slow)
Problems arise:
- Users cannot get to your site.
- loss in revenue
- Server may crash and corrupt data
- All the bandwith may cost you a lot.
What is packet sniffing?
Listening to traffic sent on a network.
- Many protocols (http, aim, email) are unsecure to this.
- If an attacker is on the same (LAN) as you. he can;
1. read your emails/IMs as you send them
2. See what pages you view.
3. Grab your password as it’s being sent.
What can you do:
- encrypt
- Use secure protocols (SSH, HTTPS)
What is password cracking?
Guessing the password of privileged users of your system
Brute force: Attacker sequentially tries every possible password.
Dictionary: uses software that sequentially tries passwords based on words in a file (dictionary)
What can you do?
- force users to have secure passwords.
- Block IPs from logging in after N failed attempts.
What is Phishing?
Masquerading mails or web sites. Related to Social Engineering: Attempting to manipulate others to fraudulently acquire passwords or other sensitive information.
- If trusted users are compromised, attackers can login as those users and compromise your entire system.
How can one gain elevated privileges?
A flaw in your system allows an attacker to gain elevated permissions and wreak havoc
-
What is Software Testing?27
-
Changing your testing as your world changes22
-
Clear testing goals22
-
Reviews and Evaluating Testing Methods25
-
Test Driven Development7
-
Static Analysis18
-
Test Planning, Strategies and the Delights of Monitoring42
-
Technology Specific Testing Methods10
-
Security Testing30
-
Non-Functional Testing6
-
Choosing a Testing Approach in a Complex World15
