How do I conduct a security test?

Source: Internet
Author: User

1. Functional verification

Functional verification applies black-box software testing to the security-related functions of the software, such as the user management module, rights management module, encryption system and authentication system. Its main purpose is to verify that these functions are effective; ordinary black-box test methods can be used.

2. Vulnerability Scan

Security vulnerability scanning is usually done with the help of a dedicated vulnerability scanner. A vulnerability scanner is a program that automatically detects security weaknesses in remote or local hosts. With a vulnerability scanner, the system administrator can discover the security holes in an information system, so that network security work on that system can be "targeted" and the holes fixed in time. By the usual convention, vulnerability scanners fall into two types: host vulnerability scanners (Host Scanner) and network vulnerability scanners (Net Scanner). A host vulnerability scanner is a program that runs locally on the system to detect its vulnerabilities, such as the well-known free tools COPS, Tripwire and Tiger. A network vulnerability scanner is a program that detects vulnerabilities in a target network and its hosts remotely over the network, such as SATAN and ISS Internet Scanner.

Security vulnerability scanning can be used for routine security protection, and also as a means of testing a software product or information system, so that vulnerabilities are found and fixed before they lead to a serious security breach.

3. Simulated attack experiment

In security testing, the simulated attack experiment is a special set of black-box test cases: we simulate attacks to verify the security protection capabilities of the software or information system. Below we briefly list several attacks that are of particular interest in data processing and data communication environments. The items that follow use two terms, "authorized" and "non-authorized". "Authorization" means "conferring power", which implies two things: the power is the power to carry out a certain activity (for example, access to data), and that power has been granted to an entity, agent or process. Authorized behavior, then, is the performance of those activities for which power has been granted (and not revoked).

Impersonation: One entity pretends to be a different entity. Impersonation is often used together with other forms of active attack, especially the replay and tampering of messages. For example, an authentication sequence can be intercepted and replayed after a valid authentication sequence has taken place. An entity with few privileges may impersonate an entity that has more privileges in order to gain those additional privileges. Examples follow.

1) Password guessing: Once a hacker has identified a host, discovered a usable user account through NetBIOS, Telnet or NFS services, and successfully guessed its password, the machine can be controlled.

2) Buffer overflow: Programmers of many service programs use functions such as strcpy() and strcat() without effective bounds checking. A malicious user can then write a small program to open the security gap further: the code is placed at the end of the buffer payload, so that when the buffer overflows the return pointer points to the malicious code, which executes malicious instructions and gains control of the system.
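The unchecked strcpy()/strcat() pattern described above, next to a bounds-checked form and the boundary test cases a black-box tester would run against it. This is an added example, not code from the original article; the function names, buffer size and sample paths are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Unchecked pattern from the text, kept for contrast and never called here:
 * writes past dst whenever dir + "/" + name is longer than the buffer. */
void build_path_unchecked(char *dst, const char *dir, const char *name) {
    strcpy(dst, dir);
    strcat(dst, "/");
    strcat(dst, name);
}

/* Checked form: 0 on success, -1 if the result plus its NUL does not fit.
 * On failure dst holds an empty string and nothing past dst is written. */
int build_path_checked(char *dst, size_t dstsz, const char *dir, const char *name) {
    if (dst == NULL || dstsz == 0) return -1;
    dst[0] = '\0';
    if (dir == NULL || name == NULL) return -1;
    size_t dl = strlen(dir), nl = strlen(name);
    /* Need dl + 1 + nl + 1 <= dstsz; compared by subtraction so it cannot wrap. */
    if (dl >= dstsz || nl >= dstsz - dl || dstsz - dl - nl < 2) return -1;
    memcpy(dst, dir, dl);
    dst[dl] = '/';
    memcpy(dst + dl + 1, name, nl + 1);   /* nl + 1 copies the NUL too */
    return 0;
}

/* Black-box boundary cases on constructed inputs: exact fit, one byte over,
 * far over. Returns the number of expectations that failed. */
int run_boundary_cases(void) {
    struct { char buf[16]; char canary[8]; } s;
    char big[64];
    int failures = 0;
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    memcpy(s.canary, "CANARY!", 8);
    /* "/srv" + "/" + "index.html" = 15 chars + NUL = 16 bytes: exact fit */
    if (build_path_checked(s.buf, sizeof s.buf, "/srv", "index.html") != 0) failures++;
    if (strcmp(s.buf, "/srv/index.html") != 0) failures++;
    if (build_path_checked(s.buf, sizeof s.buf, "/srv", "index2.html") != -1) failures++;
    if (build_path_checked(s.buf, sizeof s.buf, "/srv", big) != -1) failures++;
    if (s.buf[0] != '\0') failures++;                    /* emptied on failure */
    if (memcmp(s.canary, "CANARY!", 8) != 0) failures++; /* neighbour untouched */
    return failures;
}

int main(void) {
    printf("failed expectations: %d\n", run_boundary_cases());
    return 0;
}
```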

Replay: Replay occurs when a message or part of a message is repeated in order to produce an unauthorized effect. For example, a valid message that contains authentication information may be repeated by another entity in order to authenticate itself (that is, to have itself treated as another entity).
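One common receiver-side countermeasure to the replay described above is a sliding-window check on sequence numbers, shown here as an added example that is not part of the original article. It assumes every message carries a sequence number that is covered by an integrity check the receiver has already verified; the type and function names are hypothetical and the capture is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REPLAY_WINDOW 64u   /* how far behind the newest number is still tracked */

struct replay_state {
    uint64_t highest;   /* highest sequence number accepted so far (0 = none) */
    uint64_t bitmap;    /* bit i set: sequence number (highest - i) was seen */
};

/* Returns 1 and records seq if it is fresh; returns 0 for a repeat or for a
 * number older than the window. Senders start at 1, so 0 is never valid. */
int replay_accept(struct replay_state *st, uint64_t seq) {
    uint64_t offset;
    if (seq == 0) return 0;
    if (seq > st->highest) {               /* newer than anything seen: slide */
        uint64_t shift = seq - st->highest;
        st->bitmap = (shift >= REPLAY_WINDOW) ? 0 : (st->bitmap << shift);
        st->bitmap |= 1u;
        st->highest = seq;
        return 1;
    }
    offset = st->highest - seq;
    if (offset >= REPLAY_WINDOW) return 0; /* too old to tell: reject */
    if (st->bitmap & ((uint64_t)1 << offset)) return 0;   /* seen before */
    st->bitmap |= (uint64_t)1 << offset;
    return 1;
}

/* Feed a capture of sequence numbers to a fresh receiver; count acceptances. */
size_t count_accepted(const uint64_t *seqs, size_t n) {
    struct replay_state st = {0, 0};
    size_t i, ok = 0;
    for (i = 0; i < n; i++) ok += (size_t)replay_accept(&st, seqs[i]);
    return ok;
}

int main(void) {
    /* Constructed capture: 1, 3, 2 arrive out of order; 2 and 3 are replayed. */
    const uint64_t capture[] = {1, 3, 2, 2, 3, 100, 36, 37};
    printf("accepted %zu of 8\n", count_accepted(capture, 8));
    return 0;
}
```

A simulated-attack test case for replay then amounts to resending a previously accepted message and asserting that the receiver rejects it.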

Message tampering: The content of a data transmission is altered without being detected, resulting in unintended consequences. Examples follow.

1) DNS cache pollution: Because a DNS server does not authenticate the other name servers it exchanges information with, a hacker can insert incorrect information and direct users to the hacker's own host.

2) Forged e-mail: Because SMTP does not authenticate the identity of a message's sender, hackers can forge e-mails to internal customers that claim to come from someone the customer knows and trusts, carrying an installable Trojan horse program or a link to a malicious Web site.

Reprint Address: http://mp.weixin.qq.com/s?__biz=MjM5Mjg0MzMzMw==&mid=212933365&idx=3&sn= 035ec428d779f7bb8bde46e3a3f9737c&scene=0#rd
