Testing for Security

Links from the class materials and other supplemental information, grouped by chapter:

Chapter 1: Introduction

Additional links, not from the course text, or, software needed for the chapter:

Chapter 2: Security Testing Introduction

Links from the text:

• Planning for Testing by John D. McGregor
• Software Security Testing by Bruce Potter and Gary McGraw in IEEE Security \& Privacy Magazine, Sept--Oct, 2004
• Schneier on Security: Microsoft and FairUse4WM
• Securityfocus
• Bugtraq mailing list sign-up form
• Symantec's Internet Security Threat Report
• CERT
• US-CERT
• CWE
• Usenix
• Lecture notes for Introduction to Security---Fall '05 by Steve Bellovin

Chapter 3: Risk-based Testing

Links from the text:

• Crypto-Gram
• the CERT OCTAVE approach to threat modeling
• Hacking The Hill by Shane Harris
• Storm worm dethroned by sex botnet in CIO magazine
• Kraken botnet entry in Wikipedia
• Blue Security folds under spammer's wrath by Robert Lemos
• Slashdot reaction
• the STRIDE model
• Another STRIDE document
• OISafe
• Super Bowl XLI / Dolphin Stadium
• Dolphins' Web sites hacked in advance of Super Bowl by Robert McMillan
• New Trojan in mass DNS hijack by Dan Goodin
• Unpatched web vulns turn internet into drive-by warzone by John Leyden
• Insurance giant coughs to malware-related data breach by John Leyden
• IIS bug gives attackers complete server control by Dan Goodin
• Subverting Vista Kernel For Fun And Profit by Joanna Rutkowska
• Card-sniffing Trojans target Diebold ATM software by Dan Goodin
• Hacking a Voting Machine: Making Your Vote REALLY Count By Sean Fallon
• Zombies bite into Symbian smartphones by John Leyden
• 'Sexy View' SMS malware targets Symbian devices by John Leyden
• Rootkits on routers threat to be demoed by John Leyden
• Hacker jailed for revenge sewage attacks by Tony Smith
• Buggy home routers expose O2 customers to hijacking by Dan Goodin
• Xbox hacked to run Linux without mod chip: Microsoft must wish it were an April 1 joke
• 17 Mistakes Microsoft Made in the Xbox Security System by Michael Steil
• Technical Analysis of 007: Agent Under Fire save game hack
• Xbox Linux
• Hijacking iPhones and other smart devices using SMS by Dan Goodin
• Buggy 'smart meters' open door to power-grid botnet by Dan Goodin
• Microscope-wielding boffins crack Tube smartcard by Dan Goodin
• Risk Management by Stellar Logic

Chapter 4: Input Validation Vulnerabilities

Links from the text:

• information about buffer overflow history
• CWE 197
• CVE-2006-0145
• C99 standard
• CWE 190
• CWE 191
• The backwards-counting vote canvassing
• The one counterexample to closed-source election software that I am aware of
• The information about Microsoft delaying XP SP2
• image overflow code example
• wireshark
• StraceNT
• The Firefox Web Developer toolbar home page
• The Web Developer toolbar, from Mozilla.org
• IEWatch

Chapter 5: Fuzz testing (fuzzing)

Links from the text:

• Wikipedia entry on Fuzz testing
• University of Wisconsin Madison fuzz testing page
• OWASP page on fuzz testing
• OWASP Fuzz Vectors
• Robustness Testing of Software-Intensive Systems: Explanation and Guide by Julie Cohen, Dan Plakosh, and Kristi Keeler. CMU/SEI-2005-TN-015
• OPEN Process framework (OPF) Robustness Testing
• Codenomicon
• Microsoft tools
• darknet.org.uk fuzzing tools
• InfoSec Institute Fuzzers - The ultimate list
• Digital Dwarf Society
• HackSafe fuzz testing tool list
• Schemer from Fuzzware
• SCADASEC.net
• antiparser
• The Art of Fuzzing
• Peach Fuzzer Framework
• Peach Fuzzer Tutorial
• Python Tutorial
• Python Tutorial
• Python Library Reference
• Python Global Module Index
• Peach Fuzzer API documentation

Chapter 6: Injection vulnerabilities

Links from the text:

• The xkcd cartoon
• The Chris Rimmer threat
• Command Injection Impossible in Java and .NET?
• Command Injection In Java on Windows: 100\% Proven that it is 100\% Possible (in Certain Cases) by Dan Cornell
• Absinthe
• sqlmap
• sqlninja
• Pangolin
• WITOOL
• SQL injection tools
• SQL Injection Cheat Sheet

Chapter 7: Static code analysis

Links from the text:

• a long list of static analysis tools on Wikipedia
• Fortify
• Coverity
• Klocwork
• Ounce Labs
• Microsoft static analysis in Visual Studio
• FindBugs
• PMD
• Checkstyle
• BLAST

Chapter 8: Testing resource management

Chapter 9: Dynamic analysis

Links from the text:

• Parasoft Insure++
• Dmalloc
• Microsoft's application verifier
• A paper by Poul-Henning Kamp about PhkMalloc
• PhkMalloc
• Electric Fence
• Valgrind

Chapter 10: Complete and correct error handling

Links from the text:

• Microsoft Security Bulletin MS02-018
• JVN#45389864 CGIWrap error page cross-site scripting vulnerability
• PR07-37 XSS on Apache HTTP Server 413 error pages via malformed HTTP method
• Apple Safari error page cross-site scripting
• PR08-19 XSS on Cisco IOS HTTP Server
• Paul Starzetz of iSEC Security Research
• Tamper Data

Chapter 11: Output validation

Links from the text:

• the fake secure login page
• information about the bogus login screen
• TrustBar: Protecting (even Na357ve) Web Users from Spoofing and Phishing Attacks by Amir Herzberg and Ahmad Gbara

Chapter 12: Feature interactions

Links from the text:

• Feature Interaction: A Critical Review and Considered Forecast by Muffy Calder, Mario Kolberg, Evan H. Magill Stephan Reiff-Marganiec
• FAQ Sheet on Feature Interaction by Pamela Zave

Chapter 13: Data Security Testing

Links from the text:

• OpenBSD NTP daemon in OpenBSD 3.6 (and later)
• CERT Advisory CA-1993-15
• Halderman et al., ``Lest We Remember: Cold Boot Attacks on Encryption Keys''
• Bruce Schneier's blog on choosing secure passwords

Chapter 14: Insecure Communication

Links from the text:

• Nessus
• OpenSSL
• Stunnel
• SSL Digger

Chapter 15: Authentication and Authorization Errors

Links from the text:

• Your Free MacWorld Expo Platinum Pass (valued at $1,695) by Kurt Grutzmacher
• Clickjacking Details
• the OWASP Guide to Authentication
• CAPTCHA Security: A Case Study by Jeff Yan and Ahmad Salah El Ahmad
• Open Source Vulnerability Database (OSVDB)
• SecurityFocus

Chapter 16: Debugging with gdb

Links from the text:

• gdb documentation
• DDD
• emacs
• Insight
• A Guided Tour of Emacs

Chapter 17: More debugging with gdb

Links from the text:

• gdb documentation
• POSIX Threads Programming Exercise

Chapter 18: Attacking Web Applications

Links from the text:

• Web proxy from PortSwigger.net
• WebScarab's web site
• Paros suite
• Nikto
• The Firefox Web Developer toolbar home page
• The Web Developer toolbar, from Mozilla.org
• IEWatch
• WebGoat project page
• WebGoat
• The Firefox SwitchProxy toolbar

Additional links, not from the course text, or, software needed for the chapter:

nikto-2.02.tar.gz
web-developer-1.1.6.xpi
burpsuite_v1.1.zip
paros-3.2.13-unix.zip
paros-3.2.13-win.dat
paros-3.2.13-win.exe
paros-3.2.13-src.zip
paros_user_guide.pdf
WebGoat-OWASP_Standard-5.1.zip (for Linux and Windows)
webgoat-5.1.sh (startup file for Linux)
webscarab-installer-20070504-1631.jar
webscarab-selfcontained-20070504-1631.jar
webscarab-src-20070504-1631.zip
switchproxy_tool-1.4.1-fx+mz+tb.xpi
tamper_data-10.0.4-fx.xpi

SkillBridge Training

Examples from the class notes (or, all as one file).

Selected Solutions from the class notes (no looking until you have solved the problems!). Note that all solutions are in an appendix of your course book. All solutions in a compressed tar file.

Evaluation form (if needed)