Security Testing Solutions for Software Applications - PowerPoint PPT Presentation

About This Presentation
Title:

Security Testing Solutions for Software Applications

Description:

Security Awareness and Training . ... Ship. Post-Ship. Security Tests. System Testing. Security Scoping. Security sign-off . criteria. Business Analyst . Review ... – PowerPoint PPT presentation

Number of Views:201
Avg rating:3.0/5.0
Slides: 16
Provided by: siliconin

Transcript and Presenter's Notes

Title: Security Testing Solutions for Software Applications


1
Security Testing Solutions for Software
Applications
  • July 3rd, 2010

2
Our Objective for Today
  • Discuss some of the common security concerns
    in any organization
  • Identify our priority areas in Security Testing
  • The approach we take to build Solutions
    around Security Testing
  • Discuss key focus areas while building
    Solutions
  • A quick overview of the Testing Approach under
    different Situations

3
Security Concerns of an Organization
4
Challenges: Web Applications are More Prone to
Vulnerabilities
  • Frequent
    • 3 out of 4 business websites are vulnerable to
      attack (Gartner)
  • Pervasive
    • 75% of hacks occur at the Application level
      (Gartner)
  • Undetected
    • QA testing tools are not designed to detect security
      defects in applications
    • Manual patching - reactive, never ending, time
      consuming and expensive
  • Dangerous
    • When exploited, security defects destroy company
      value and customer trust

>2000 application health checks with AppScan:
98% vulnerable; all had firewalls and encryption
solutions in place. (Source: AppScan Newsletter)
5
Hacking Attempts on Our Favourites
  • Twitter: "Twitter knocked offline by DDoS attack."
    Popular micro-blogging service Twitter was knocked
    offline for an extended period this morning by what
    appears to be a massive distributed denial-of-service
    attack.
  • "Hacking Amazon's Cloud and Other Web 2.0 Threats":
    Amazon's cloud can be hacked for BitTorrent use (and
    has), and social network sites are hotbeds for cyber
    crime (surprised?).
  • "Facebook Accounts Hacked & Sold": Facebook is not
    able to estimate how many more accounts may be
    compromised by other hackers.
  • MySpace: MySpace, an even larger social networking
    site with an estimated 250 million users, has been
    subverted on multiple occasions by malware attackers
    during the last year.
6
Cost of Fixing Security Flaws Rises Dramatically
Post Deployment
7
Approach to Building a Security Ecosystem in the
Organization
Security concerns can be addressed by building
strong Solutions on two foundations: Technology
and Security Process.
8
Typical Solutions on Security Testing
9
Technology Solutions
  • Non-Functional Areas
    • Benchmarking against OWASP Top 10
    • Secure Code Review
    • Database Security
    • Secure Deployment
  • Functional Areas
    • Access Control
    • Authentication
    • Auditing Capabilities
    • Data Encryption during Storage and Transmission
  • Testing Strategies
    • SAST (static application security testing)
    • DAST (dynamic application security testing)
    • Secure Product Engineering

10
Typical Scope of Application Security Testing
  • Application Attack Techniques
    • Cross-Site Scripting
    • SQL Injection
    • Command Injection
    • Cookie/Session Poisoning
    • Parameter/Form Tampering
    • Buffer Overflow
    • Directory Traversal/Forceful Browsing
    • Cryptographic Interception
    • Cookie Snooping
    • Authentication Hijacking
    • Log Tampering
    • Error Message Interception
    • Attack Obfuscation
    • Application Platform Exploits
    • DMZ Protocol Exploits
    • Security Management Attacks
    • Zero Day Attacks
    • Network Access Attacks
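The Secure Code Review and SAST items on slide 9, and the SQL Injection entry in the scope list above, are the kind of defect a static rule can flag before the application ever reaches a DAST scan. The following is an added example, not code from the presentation or from the presenter's company: a toy SAST rule in Python that walks the syntax tree of a source file and reports `execute()` / `executemany()` calls whose SQL text is assembled at run time (string concatenation, `%` formatting, `.format()`, f-strings) instead of being a constant query with bound parameters. The two sample source files, the rule identifier `SQLI-DYNAMIC-QUERY` and the message text are constructed for the illustration.

```python
"""Toy static-analysis (SAST) rule: flag SQL queries built at run time.

Constructed example for the 'Secure Code Review' / 'SAST' items of the
deck. It only recognises the DB-API style `cursor.execute(sql, params)`
call shape; a real tool would also track taint through variables.
"""
import ast

# Constructed sample: three functions that each build SQL from user input.
VULNERABLE_SAMPLE = '''
def find_user(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")

def find_order(cur, oid):
    cur.execute(f"SELECT * FROM orders WHERE id = {oid}")

def find_item(cur, sku):
    cur.execute("SELECT * FROM items WHERE sku = '%s'" % sku)
'''

# Constructed sample: the parameterised form the rule should accept.
SAFE_SAMPLE = '''
def find_user(cur, name):
    cur.execute("SELECT * FROM users WHERE name = %s", (name,))

def count_rows(cur):
    cur.execute("SELECT COUNT(*) FROM users")
'''


def _is_dynamic_sql(node):
    """True when the expression assembles its text at run time."""
    if isinstance(node, ast.JoinedStr):                    # f"..."
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True                                         # "..." + x  /  "..." % x
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True                                         # "...".format(x)
    return False


def scan_source(source, filename="<sample>"):
    """Return a list of findings, one per execute() call with dynamic SQL."""
    findings = []
    tree = ast.parse(source, filename)
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in ("execute", "executemany") or not node.args:
            continue
        if _is_dynamic_sql(node.args[0]):
            findings.append({
                "file": filename,
                "line": node.lineno,
                "rule": "SQLI-DYNAMIC-QUERY",   # constructed rule id
                "message": "SQL text built at run time; pass a constant query "
                           "and bind the values as parameters",
            })
    return findings


def main():
    for label, src in (("vulnerable", VULNERABLE_SAMPLE), ("safe", SAFE_SAMPLE)):
        hits = scan_source(src, label + ".py")
        print(f"{label}.py: {len(hits)} finding(s)")
        for f in hits:
            print(f"  {f['file']}:{f['line']} {f['rule']} - {f['message']}")


if __name__ == "__main__":
    main()
```

Run stand-alone it reports three findings (lines 3, 6 and 9 of the vulnerable sample) and none for the parameterised sample. The rule deliberately looks only at the first argument's syntax, which is what makes it cheap enough to run on every commit; the trade-off is that a query assembled into a variable and then passed to `execute()` is missed, and that is the gap a full SAST product's data-flow analysis closes.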

11
Security Regulations
  • Driving Needs
    • Protection of Customer Data
    • Credit Card Data protection during transmission
    • Integrity of Financial Records in electronic
      format
    • Patient Health Records protection
  • Security Regulations
    • PCI-DSS
    • PA-DSS
    • HIPAA
    • SOX

12
Building Domain Specific Solutions
  • Domain Solutions
    • Retail
    • Healthcare
    • Financial
    • Storage

13
Approach of Security Assessment for Shorter
Lifecycles
  • Understand the application
    • Understand Business Process
    • Understand Product Architecture and data flow
    • Application Footprinting
    • Enumeration of Services
    • Security Threat Modeling
  • Basic Check on Top 10 Vulnerabilities (Ad hoc)
    • Business logic flaws
    • SQL injection faults
    • Cross-site scripting (XSS) vulnerabilities
    • Authentication vulnerabilities
    • Session ID flaws
    • Cookie manipulation and poisoning
    • Privilege escalation
    • Cross-site request forgery (CSRF) risks
    • Code and content manipulation
    • Header manipulation
  • Defect Validation
  • Gap Analysis
  • Result Reporting
    • Business Impact Analysis
    • Benchmarking Application against OWASP
      standards
    • Defect Remediation suggestions
    • Presentation of Assessment Report
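Several items in the short-lifecycle check above (session ID flaws, cookie manipulation and poisoning, header manipulation) can be validated from captured HTTP responses without touching the application logic. The following is an added example, not code from the presentation or from the presenter's company: a small Python check that parses two constructed responses, one weak and one hardened, and reports session cookies that lack the `Secure`, `HttpOnly` or `SameSite` attributes, a session identifier that is too short to be a credible random token, and the absence of `Strict-Transport-Security` and of a clickjacking defence (`X-Frame-Options` or `Content-Security-Policy`). The list of session cookie names, the 16-character length heuristic and both sample responses are assumptions of the example.

```python
"""Toy DAST-style response check for session cookies and security headers.

Constructed example for the 'Session ID flaws', 'Cookie manipulation and
poisoning' and 'Header manipulation' items of the deck. It inspects raw
HTTP/1.1 responses already captured by a proxy, so it runs offline.
"""

# Assumption: common session cookie names; extend for the product under test.
SESSION_COOKIE_NAMES = {"jsessionid", "phpsessid", "asp.net_sessionid",
                        "sessionid", "sid"}
# Assumption (heuristic): a random 128-bit ID hex-encoded is 32 chars, so
# anything under 16 chars is worth a manual look at how it is generated.
MIN_SESSION_ID_LEN = 16

# Constructed sample: session cookie with no attributes, no security headers.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: JSESSIONID=1234; Path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)

# Constructed sample: the same response after hardening.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: JSESSIONID=3f8a9c0d1e2b4a5c6d7e8f9012345678; "
    "Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "X-Frame-Options: DENY\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)


def parse_headers(raw_response):
    """Split a raw HTTP/1.1 response into (lower-cased name, value) pairs."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def check_response(raw_response):
    """Return a list of human-readable findings for one response."""
    findings = []
    headers = parse_headers(raw_response)
    present = {name for name, _ in headers}

    for name, value in headers:
        if name != "set-cookie":
            continue
        pair, *attr_parts = value.split(";")
        cookie_name, _, cookie_value = pair.partition("=")
        cookie_name, cookie_value = cookie_name.strip(), cookie_value.strip()
        if cookie_name.lower() not in SESSION_COOKIE_NAMES:
            continue
        # Attribute names only; values such as SameSite=Lax are not judged here.
        attrs = {p.strip().split("=", 1)[0].lower() for p in attr_parts}
        if "secure" not in attrs:
            findings.append(f"{cookie_name}: missing Secure (cookie may be sent over plaintext HTTP)")
        if "httponly" not in attrs:
            findings.append(f"{cookie_name}: missing HttpOnly (readable by injected script)")
        if "samesite" not in attrs:
            findings.append(f"{cookie_name}: missing SameSite (no cookie-level CSRF mitigation)")
        if len(cookie_value) < MIN_SESSION_ID_LEN:
            findings.append(f"{cookie_name}: session identifier is short; verify it is random and unpredictable")

    if "strict-transport-security" not in present:
        findings.append("missing Strict-Transport-Security header")
    if "x-frame-options" not in present and "content-security-policy" not in present:
        findings.append("missing X-Frame-Options / Content-Security-Policy (clickjacking)")
    return findings


def main():
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        results = check_response(raw)
        print(f"{label}: {len(results)} finding(s)")
        for line in results:
            print("  -", line)


if __name__ == "__main__":
    main()
```

The weak sample produces six findings and the hardened one none. Each finding maps directly to a line in the Result Reporting phase: the missing attribute is the defect, the parenthetical is the business impact, and adding the attribute is the remediation suggestion.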

14
Approach of Incorporating Security Testing
throughout the Product Lifecycle
15
  • Thank You !!!
  • Joyabrata.Burman_at_symphonysv.com