4 Security Testing
4 Security Testing
Business
Context
5
Carry out fixes
And validate
Stage 1:
Understand Business Context
Risk management
Occurs in a business context
Affected by business motivation
Key activity of an analyst
Extract and describe business goals – clearly
Increasing revenue; reducing dev cost; meeting SLAs;
generating high return on investment (ROI)
Set priorities
Understand circumstances
Stage 2: Identify the business &
technical risks
Business risks have several impacts
Direct financial loss; loss of reputation; violation of
customer or regulatory requirements; increase in
development cost
Severity of risks
Should be captured in financial or project
management terms
Key is –
tie technical risks to business context
Stage 3: Synthesize and rank the
risks
Prioritize the risks alongside the business goals
Assign risks appropriate weights for resolution
Risk metrics
Risk likelihood
Risk impact
Number of risks mitigated over time
Stage 4: Risk Mitigation Strategy
Develop a coherent strategy
For mitigating risks
In cost effective manner; account for
Cost Implementation time
Completeness Impact
Likelihood of success
A mitigation strategy should
Be developed within the business context
Be based on what the organization can afford, integrate and
understand
Must directly identify validation techniques
Stage 5: Carry out Fixes and
Validate
Execute the chosen mitigation strategy
Rectify the artifacts
Measure completeness
Estimate
Progress, residual risks
Validate that risks have been mitigated
Testing can be used to demonstrate
Develop confidence that unacceptable risk does
not remain
Risk Mitigation Framework - A Multi-loop
Risk management is a continuous process
Five stages may need to be applied many times
Ordering may be interleaved in different ways
Risk can emerge at any time in SDLC
One way – apply in each phase of SDLC
Risk can be found between stages
Level of application
Primary – project level
Each stage must capture complete project
SDLC phase level
Artifact level
It is important to know that Risk Mitigation is
Cumulative
At times arbitrary and difficult to predict
Seven Touchpoints
Cost of fixing defect at each
stage
Architectural risk analysis
Design flaws
about 50% of security problem
Can’t be found by looking at code
A higher level of understanding required
Risk analysis
Track risk over time
Quantify impact
Link system-level concerns to probability and impact
measures
Fits with the RMF
ARA within RMF
2 Measurement and reporting
Identify
the Business Technical
Risk expertise
Artifact Analysis
1 4 5
Understand Business Define the Risk
Synthesize and
the Business Context Mitigation
Rank the Risks
context Strategy
3 Identify
the Technical
Risk
Artifact Analysis
7 6
Validate the
Initiate process Fix the artifacts
artifacts
improvement Validation loop
ARA process
Attack resistance analysis
Steps
Identify general flaws using secure design literature
and checklists
Knowledge base of historical risks useful
Map attack patterns using either the results of abuse
case or a list of attack patterns
Identify risk based on checklist
Security testing
Should start at feature or component/unit level
testing
Must involve two diverse approaches
Functional security testing
Testing security mechanisms to ensure that their
functionality is properly implemented
Adversarial security testing
Performing risk-based security testing motivated by
understanding and simulating the attacker’s approach
Abuse cases
Creating anti-requirements
Important to think about
Things that you don’t want your software to do
Requires: security analysis + requirement analysis
Anti-requirements
Provide insight into how a malicious user, attacker,
thrill seeker, competitor can abuse your system
Considered throughout the lifecyle
indicate what happens when a required security
function is not included
Abuse cases
Creating an attack model
Based on known attacks and attack types
Do the following
Select attack patterns relevant to your system –
build abuse case around the attack patterns
Include anyone who can gain access to the system
because threats must encompass all potential
sources
Also need to model attacker
Security requirements and
operations
Security requirements
Difficult tasks
Should cover both over functional security and
emergent characteristics
Use requirements engineering approach
Security operations
Integrate the security operations
e.g. software security should be integrated with
network security
Research Motivations
Absence of Data-set: So we are in need of an
efficient data-set for analyzing Intrusion Detection
Systems.
Machine-Learning Techniques will improve the
security by around 200%.
Marking threats according to their effect on
vulnerability is needed to draw architecture for
software security.
All Viruses, Trojans and Malwares should be
studied and handled carefully to make our system
strong enough against these, in real- time.
Latent Errors: How Many Errors are Still
Remaining?
Make a few arbitrary changes to the program:
◦ Artificial errors are seeded into the program.
◦ Check how many of the seeded errors are detected during
testing.
Error Seeding
Let:
◦ N be the total number of errors in the system
◦ n of these errors be found by testing.
◦ S be the total number of seeded errors,
◦ s of the seeded errors be found during testing.
Error Seeding
n/N = s/S
N = S n/s
Remaining defects:
N - n = n ((S - s)/ s)
Quiz 2
100 errors were introduced.
90 of these errors were found during testing
50 other errors were also found.
Find errors remaining in code.
Quiz 2: Solution
100 errors were introduced.
90 of these errors were found during testing
50 other errors were also found.
Remaining errors=
50 (100-90)/90 = 6
Challenges in Error Seeding
The kinds of seeded errors should match closely
with existing errors:
◦ However, it is difficult to predict the types of errors that
exist.