安全性测试

\u00a0<\/p>

Attack surfaces could include for example:<\/p>

• which ports are open to the computer (8080, 443, 1521 etc.)<\/li>\t
• how visible the computer is (is ICMP\/PING availalble, firewall access & which domain trusts can see it)<\/li>\t
• what permission sets are setup - which accounts can access it? parts of it? are these in line with best practices (i.e. OS administrator account with no password)<\/li>\t
• what folders are shared, what has read access, what has write access<\/li>\t
• is the OS and installed software patched upto date, are there known vulnerabilities with the these software as listed on popular, common security databases of attacks in the wild<\/li>\t
• for a given database, what level of server, database, table and security account permissions are setup. Are these in line with best practices (i.e. leaving the SQL Server \u2018sa\u2019 account enabled)<\/li>\t
• for a website login page, the tools will attempt various attacks like entering malformed SQL in the username & password fields to check for SQLi attacks, malformed javascript to check for XSS attacks and more<\/li><\/ul>

  The hard part isn\u2019t so much using these tools which do most of the stuff for you, it\u2019s investigating the results & writing an end vulnerability findings report. For that you need really expert security testing members who are highly trained & experienced. It\u2019s really not an easy role & like general network security, these members need to be constantly informed, constantly learning of new threats.<\/p>","quoteUsername":"alex_read","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote & Reply","Share":"Share"}}}">

  • 就像
  • 报价和回复

• SAST (Static Application Security Testing)<\/strong> is probably the most frequently used one. It scans the code to find security vulnerabilities earlier in the software development life cycle. Most of the companies are using it, some of the platforms even have the free version of a SAST tool already integrated. They are a lot of fancy plugins that can also be used to add the tool right into your IDE so you can for example scan the code after each save or commit.<\/li>\t
• DAST (Dynamic Application Security Testing)<\/strong> is quite useful when you are looking for vulnerabilities and weaknesses in a running application (typically a web application). It does so by employing fault injection techniques (feeding malicious data) to uncover stuff such as SQL injections and cross-site scriptings. Compared to it\u2019s static counterpart it can also uncover some of the authentication and configurations issues (for example\u00a0some of the flaws might only be visible once user logs in).<\/li><\/ul>

  SAST is the example of white-box testing as you have to have the access to the source code. DAST on the other hand represents the black-box testing as it is trying to test the running application.<\/p>

  \u00a0<\/p>

  There are some free and paid versions with each tool having it\u2019s ups and downs. I won\u2019t be naming the exact tools but if you look for the \u201cTOP10\u201d you should be able to find them easily.<\/p>

  \u00a0<\/p>

  There are also IAST, RASP and much more, but we can stick to these two for the majority of businesses. :)<\/p>","quoteUsername":"hungoboss","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote & Reply","Share":"Share"}}}">

  • 就像
  • 报价和回复