Monday, July 27, 2015

Software Security - Penetration Testing - Week 6


Question 1

What is penetration testing?
Question 2
Which of the following are benefits of penetration testing?
  • They specifically consider adversarial thinking, which is not usually necessary for normal tests
    • Adversaries will try to find weird corner cases to exploit, whereas normal users will focus on common use cases
  •  Results are often reproducible
    •  Penetration test results can be recorded and replayed so they can be reproduced
Question 3
What does it mean to "be stealthy" during a penetration test?
  •  Using encryption during tests to make the source of attacks impossible to determine
    • This might be one means for ensuring the higher-level goal of avoiding detection, but is not the only one.
Question 4
What is a web proxy?
  • A piece of software that intercepts and possibly modifies requests (and responses) between a web browser and web server
Question 5
What is Nmap?
  •  It is a scanner which works by injecting packets to a range of addresses, and inferring what hosts and services might be at those addresses, based on the responses
Question 6
What is ethical hacking?
  • Hacking systems (e.g., during penetration testing) to expose vulnerabilities so they can be fixed, rather than exploited
Question 7
Which of the following statements describe fuzz testing (aka fuzzing)?
  •  It has been used to find security vulnerabilities in many commodity programs
    •  Examples include Acrobat, Chrome, and others
  •  It is concerned with finding known-bad behaviors, like crashes and hangs
    •  Fuzzing does not use specifications, so it can only look for behaviors it knows are likely to be bad
Question 8
Which of the following are true of whitebox fuzzing?
  •  American Fuzzy Lop is (at least in part) a whitebox fuzzer
    •  American Fuzzy Lop takes into account the lines of code executed by a test in determining the next input, and thus considers the program's internals
  •  SAGE is (at least in part) a whitebox fuzzer
    •  SAGE uses symbolic execution to find test cases, and is thus guided by the program's code
Question 9
(3 pts) Which of the following is true of mutation-based fuzzing?
  •  It generates each different input by modifying a prior input
Question 10
Which of the following styles of fuzzer is more likely to explore paths covering every line of code in the following program?
int main(int argc, char **argv) {
  char buf[100];
  while (fgets(buf,sizeof(buf),stdin) != NULL) {
    int c = atoi(buf);
    if (c == 456799)
      printf("%s\n",(char *)c);
    else {
      int i = 0;
      for (i=0; i<c; i++)
 printf(".");
      printf("\n");
    }
  }
  return 0;
}
  • Whitebox
     
Which of the following are functions of a network-based fuzzer?
  •  Acting as a client
    •  Network fuzzers may play any role in a network communication
  •  Acting as a "man in the middle"
    •  Network fuzzers may play any role in a network communication, and may intercept messages between legitimate roles
Question 12
Suppose you want to use fuzzing on a program to try to find memory errors; which of the following statements is true?
  •  Compiling the program with address sanitizer (ASAN) will make the source of a memory error easier to find
























4 comments:

  1. Data stealing through the internet is a real modern threat. Anybody can become victim of hacker attacks.CyberTraining 365 will enable you to perform Penetration testing of your servers and systems by yourself to make sure your information is well protected.

    ReplyDelete
  2. Thanks you for sharing the article. The data that you provided in the blog is infromative and effectve. Through you blog I gained so much knowledge. Also check my collection at selenium Online Training Blog

    ReplyDelete
  3. Really nice topics you had discussed above. I am much impressed. Thank you for providing this nice information here.

    Software Testing Company

    QA Services

    Mobile Game Testing

    Gameplay Testing

    Switch Game Testing

    ReplyDelete
  4. Your blog is awesome. You have shared most valuable information to us. Cyber SUCCES is the IT Training Institute in Pune. We Provide Best software testing classes in Pune with highest placement ratio

    ReplyDelete