Chapter 9 - 04 - Application Security Testing Techniques and Tools - 02_ocred_fax_ocred.pdf
Document Details
Uploaded by barrejamesteacher
null
OCRed
Tags
Related
- Chapter 9 - 04 - Application Security Testing Techniques and Tools - 01_ocred.pdf
- Chapter 9 - 04 - Application Security Testing Techniques and Tools - 02_ocred.pdf
- Chapter 9 - 04 - Application Security Testing Techniques and Tools - 03_ocred.pdf
- Chapter 9 - 04 - Application Security Testing Techniques and Tools - 04_ocred.pdf
- Chapter 9 - 04 - Application Security Testing Techniques and Tools - 05_ocred.pdf
- Certified Cybersecurity Technician Application Security PDF
Full Transcript
Certified Cybersecurity Technician Exam 212-82 Application Security Web Application Fuzz Testing O Web application fuzz testing (fuzzing) is a black-...
Certified Cybersecurity Technician Exam 212-82 Application Security Web Application Fuzz Testing O Web application fuzz testing (fuzzing) is a black-box testing method. It is a quality checking and assurance technique used to identify coding errors and security loopholes in web applications O Huge amounts of random data called ‘Fuzz’ will be generated by the fuzz testing tools (Fuzzers) and used against the target web application to discover vulnerabilities that can be exploited by various attacks O Employ this fuzz testing technique to test the robustness and immunity of the developed web application against attacks like buffer overflow, DOS, XSS, and SQL injection Fuzz Testing Scenario Attack Script: Setup('WebApplicationName’) do @host = “localhost” @port=80 Feeeeeseesd > Fuzz Program end Web Application Fuzz Testing Web application fuzz testing (fuzzing) is a black box testing method. It is a quality checking and assurance technique used to identify coding errors and security loopholes in web applications. Massive amounts of random data called “fuzz” are generated by fuzz testing tools (fuzzers) and used against the target web application to discover vulnerabilities that can be exploited by various attacks. Attackers employ various attack techniques to crash the victim’s web applications and cause havoc in the least possible time. Security personnel and web developers employ this fuzz testing technique to test the robustness and immunity of the developed web application against attacks such as buffer overflow, DOS, XSS, and SQL injection. Steps of Fuzz Testing Web application fuzz testing involves the following steps: = |dentify the target system * |dentify inputs * Generate fuzzed data = Execute the test using fuzz data = Monitor system behavior = Log defects Fuzz Testing Scenario The diagram below shows an overview of the main components of the fuzzer. An attacker script is fed to the fuzzer, which in turn translates the attacks to the target as http requests. These Module 09 Page 1194 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Application Security http requests will get responses from the target and all the requests and their responses are then logged for manual inspection. Attack Script: Setup(‘WebApplicationName’) do @host = "localhost” @port=80 eeesesees > eeeeeseens Fuzz Program end v Logs Figure 9.11: Web application fuzz testing scenario Module 09 Page 1195 Certified Cybersecurity Technician Copyright © by EG-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Application Security Application Whitelisting QO Application whitelisting is a security practice to control access by Whitelisting Approach allowing only aa list of approved applications, software, emails, pes domains, etc. (whitelisted applications) QQO It automatically denies access to all applications other than the fi —E Trust Centric whitelisted applications OQ An application whitelist includes all the required (allowed) applications l Deny By Default (Do Not Run) Implementing application whitelisting helps in the following: (Do Not Run the » Protecting the applications in the organization from malware attacks » Mitigating zero-day attacks » Increased visibility and greatly reduced attack surface » Security independent of constant application updating » Reduced bring-your-own-device (BYOD) risk Application Whitelisting Application whitelisting is a form of access control that allows only specific programs to run. Unless a program is whitelisted, it is blocked on a host. Application whitelisting technologies are also called application control programs or whitelisting programs. The approach of application whitelisting is trust centric. By default, applications that are not in the whitelist are prevented from being executed. To allow the execution of any program or application, the security professional must add it in the application whitelist. —»E Trust Centric Deny By Default (Do Not Run) Is No Deny Application (Do Not Run the on Whitelist? Application) l ves Allow (Run the Application) Figure 9.12: Whitelisting approach Module 09 Page 1196 EG-Council Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Application Security Any runtime process, host, application and application components (plug-ins, configuration files, software libraries, and extensions), email addresses, port numbers, etc. can be used to create a whitelist. Advantages of Whitelisting Implementing application whitelisting ensures the confidentiality, integrity, and availability of data. Application whitelisting provides security professionals and organizations the following benefits. Protection against malware attacks The whitelisting of applications in an organization can prevent malware attacks. Any application that is not in the whitelist is blocked. Mitigating zero-day attacks Generally, attackers start exploiting vulnerabilities once a software patch is released. Occasionally, malware for unpatched systems is ready to be deployed in a short time window during which a new patch has not yet been tested or implemented. Antivirus vendors also take time to identify new signatures to produce and distribute. Implementing application whitelisting hinders the execution of such vulnerabilities. Improved efficiency of computers Application whitelisting prevents unauthorized applications from running in organizations, improving the efficiency of computers. Increased visibility and greatly reduced attack surface Application whitelisting removes many basic attacks by protecting against the attack vector of download and execute. Application whitelisting enables organizations to track which applications are running or blocked on company systems. Improving the capability of monitoring and controlling applications greatly reduces the attack surface area, unauthorized changes to applications, and inspection requirements. Reclaiming bandwidth from streaming or sharing applications Application whitelisting avoids the significant use of resources to operate unapproved and unnecessary applications, ensuring the optimal utilization of company resources in organizations. Application whitelisting limits the exposure of social media applications, bans certain websites, eliminates games, and blocks other destructive applications that consume excessive employee time and network bandwidth. Avoiding organizations from facing lawsuits or paying unnecessary license fees Application whitelisting helps organizations avoid troubles such as lawsuits or license fees for unknowingly using unlicensed or illegal applications. Security independent of constant application updating Unlike antivirus programs, application whitelisting solutions do not need to get updated periodically to be active. Module 09 Page 1197 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Application Security = Easier attack detection Attack detection becomes easier when many attack activities are blocked, and attacks generate a lot of noise. The noise created by attackers provide valuable information to incident response teams. This helps in measuring how long it takes for an antivirus solution to detect the existence of malware or changes on a system. * Reduced bring-your-own-device (BYOD) risk Application whitelisting reduces BYOD risk through the enforcement of mobile- application policies. Module 09 Page 1198 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited.