Security Test Cases

Question 1

Steps in Penetration Testing

Answer 1

1. Reconnaissance (discovery and enumeration)
2. Attack and exploitation
3. Removal of evidence
4. Reporting

Question 2

Common Methods Security testing - Fuzzing

Answer 2

Brute Force providing multitude of inputs.
May detect input validation errors, buffer overflows.
Used in White, black, gray box testing.
Generation-based fuzz testing uses the specifications of input streams to determine the data streams that are to be used in testing. Mutation-based fuzzers take known good traffic and mutate it in specific ways to create new input streams for testing.

Question 3

Common Methods Security testing - Simulation

Answer 3

• in Production like env. helping discover issues associated with the instantiation of an application and its operation in the production environment.
• typically last line of defense.
• performance testing

Question 3

Common Methods Security testing - Scaning

Answer 3

Scan for
- networks, OS fingerprinting,
- compliance with PCI DD or sarbanes oxley,
- vulnerabilities

Question 4

Common Methods Security testing - Failure mode or Break testing

Answer 4

Break testing is where one uses inputs that are specifically designed to trigger failures.
- stress/load testing
- simulate conditions that result in incorrect outputs

Question 5

FIPS -2 (Federal Information Processing Standards)

Answer 5

specifies requirements, specifications, and testing of cryptographic systems for the U.S. federal government.