Security Testing Flashcards

1
Q

Define Security Testing…

A

A systematic process for identifying vulnerabilities in systems.

2
Q

What are the 2 types of testing? Define each…

A

Static : source code analysis
Dynamic : Security tool analyses the output of the program.

3
Q

How is each type of testing done manually and automatically?

A

Static Manual : Manual source code review.
Static Automated : Tool to analyse the source code.
Dynamic Manual : Manually analyse the output of the program given an input.
Dynamic Automated : Use software to review program output.

4
Q

Explain True Positive Notation

A

True = Tool is correct
False = Tool is wrong
Positive = Vulnerability found
Negative = Vulnerability not found

5
Q

What is the ideal outcome of True Positive notation?

A

The tool outputs 100% True Positive and True Negative.

6
Q

What are 2 issues that many tools have?

A

High False Positive : Many minor bugs are raised, causing unnecessary debugging for developers.
High False Negative : The tool is wrong and doesn’t report bugs, hence they go unnoticed.

7
Q

What are the differing perspectives of developers and security experts when it comes to True Positive notation?

A

Developers : Want zero false positives to avoid unnecessary debugging.
Security Experts : Want zero false negatives so all bugs are accounted for (better safe than sorry).

8
Q

What is the SAST process?

A

Parse source code; Analyse the parsed code; Output the report.

9
Q

What is SAST looking for?

A

Local Issues such as insecure functions or secrets in code.
Data flow issues such as XSS and secrets in code.

10
Q

What is the sweet spot of SAST?

A

Analysing generic defects in the code such as buffer overflow.

11
Q

What types of defects does SAST look for, and where does it look for them?

A

Generic and context specific defects.
Look in code and architecture.

12
Q

What are type checks a common cause of?

A

False negative and false positive.

13
Q

What is the difference between Style Checks and Type Checks?

A

Type checks : Check types at compile time.
Style checks: Check syntax and semantics.

14
Q

What is fuzzing?

A

The generation of a large set of test input data.

15
Q

What are some issues with fuzzing?

A

Does input fit criteria?
Did we get enough coverage?
Is response a bug or not?

16
Q

What are the 3 types of fuzzing?

A

Random : Randomly generate fuzz.
Mutation-based : Mutates existing data to generate the fuzz.
Generation-based : Generate fuzz based on pre-existing data set.

17
Q

Should we use SAST and DAST? If so, why?

A

Yes. Sweet spots complement each other.