Security Testing

Question 1

Define Security Testing…

Answer 1

A systematic process for identifying vulnerabilities in systems.

Question 2

What are the 2 types of testing? Define each…

Answer 2

Static : source code analysis
Dynamic : Security tool analyses the output of the program.

Question 3

Define how each type of testing is done manually and automatically?

Answer 3

Static Manual : Manual source code review.
Static Automated : Tool to analyse the source code.
Dynamic Manual : Manually analyse the output of the program given an input.
Dynamic Automated : Use software to review program output.

Question 4

Explain True Positive Notation

Answer 4

True = Tool is correct
False = Tool is wrong
Positive = Vulnerability found
Negative = Vulnerability not found

Question 5

What is the ideal outcome of True Positive notation?

Answer 5

The tool outputs 100% True Positive and True Negative.

Question 6

What are 2 issues that many tools have?

Answer 6

High False Positive : Many minor bugs are raised, causing unecessary debugging for developers.
High False Negative : The tool is wrong and doesn’t report bugs, hence they go unnoticed.

Question 7

What is the differing perspectives of developers and security experts when it comes to True Positive notation?

Answer 7

Developers : Want zero false positives to avoid unecessary debugging.
Security Experts : Want zero false negatives so all bugs are accounted for (better safe than sorry).

Question 8

What is the SAST process?

Answer 8

Parse source code; Analyse the parsed code; Ouput the report.

Question 9

What is SAST looking for?

Answer 9

Local Issues such as insecure functions or secrets in code.
Data flow issues such as XSS and secrets in code.

Question 10

What is the sweet spot of SAST?

Answer 10

Analysing generic defects in the code such as buffer overflow.

Question 11

What type of defects and where does SAST look for them?

Answer 11

Generic and context specific defects.
Look in code and architecture.

Question 12

What are type checks a common cause of?

Answer 12

False negative and false positive.

Question 13

What is the difference betweens Style Checks and Type Checks?

Answer 13

Type checks : Check types at compile time.
Style checks: Check syntax and semantics.

Question 14

What is fuzzing?

Answer 14

The generation of a large set of test input data.

Question 15

What are some issues with fuzzing?

Answer 15

Does input fit criteria?
Did we get enough coverage?
Is response a bug or not?

Question 16

What are the 3 types of fuzzing?

Answer 16

Radom : Randomy generate fuzz.
Mutation-based : Mutates existing data to generate the fuzz.
Generation-based : Generate fuzz based on pre-existing data set.

Question 17

Should we use SAST and DAST? If so, why?

Answer 17

Yes. Sweet spots complement each other.