System and Application Testing for Security Vulnerabilities

If you think that security is about a few pimply-faced kids testing passwords and getting lucky – think again. In 2004 black hats (hackers) are for-profit businessmen who create and sell some of the best and most sophisticated test automation software on the planet; automation software that is focused on locating systems that are vulnerable to attack, and exploiting that vulnerability. The black hats sell this hackware (for lots of money) to wanna-be hackers for profit, then sit back and let the bogus traffic of all those little automation tools cover their real activities. The net result is that hacker attacks are at an all-time high in 2004; it was the year that hackers became a visible, palpable threat to every application and system in the world. The Honeynet Project reports that the average life expectancy of an unprotected server is 72 hours, and the shortest manual compromise time was 15 minutes, but a worm got the job done in 15 seconds.

Are your software systems vulnerable to attack? If your system has a server in it or a database, it is vulnerable. Even if it exists in a secure closed network with no outside connections, i.e. the Internet, it is still vulnerable. If your application has a single data entry point in it, your system is vulnerable. Even if your system does not contain any business intelligence, financial information, or strategic information, it can still be a worthwhile target, simply for its computing power and its connections, or the damage it would do if it failed. Making sure that your applications and systems are secure is a big job, and software testers are on the front line of defense against these bad guys.

This seminar brings you up to speed on today’s security realities and shows you just how insecure our computer systems are. You will find out what hackers are doing, how they are doing it, and why, so that you can prepare your software applications and systems for the war zone they will have to survive. This seminar shows testers what to test for and how to test it to ensure their system is able to withstand current attack strategies, and how to connect to ongoing information streams that will keep them on top of security vulnerabilities as they are discovered.

Forget what you think you know about hackers and who is responsible for security. We are all responsible for security – or else. Remember the guys with the pony tails in the security group? They poke around the network looking for signs of attack; by the time they find something amiss – it is already too late. Microsoft alone has released 25 critical security patches from July 15, 2004 to November 1, 2004. At least 2/3 of these patches correct application and operating system vulnerabilities that have already been exploited by hackers. Software testers are on the front line of this war; most of them just don’t know it yet.

Topics discussed in this Seminar:
Students Learn:
Introduction – Our Software Systems are Under Constant Attack
The Mechanics of Security Breach
What to test for and how to test it