Passive in nature: observes traffic and behaviour without sending crafted input to the target
Example: passive OS fingerprinting (inferring the OS from observed TCP/IP stack characteristics rather than probing it)
Microsoft tool (Attack Surface Analyzer) that snapshots a Windows system before and after an app is installed and reports how the attack surface changed (new services, listening ports, ACLs, registry entries, etc.)
- Active testing (sends traffic to the target and attempts exploitation, unlike passive observation)
- purpose: provide enough detail (steps to reproduce, evidence, affected component) to the dev team so the root cause can be fixed, not just the symptom
Steps:
- Recon (discovery, enumeration)
- attack and exploitation
- removal of evidence (clean up accounts, tools, and backdoors left on the target during testing)
- reporting
- brute-force: automatically feeds a large number of random or malformed inputs and watches for crashes, hangs, or unexpected behaviour
- targets anything that parses input: network protocols, file formats, web protocols
- many browser bugs are found via fuzzing
- black-box, white-box, or grey-box
- tests input validation vulns (e.g. XSS, injection)
- both generation-based and mutation-based are used and have different advantages: generation-based builds inputs from a model/grammar of the format, so it needs that model up front but reaches deeper into the parser; mutation-based randomly alters existing sample inputs, so it needs only samples but explores more blindly
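The two fuzzing styles above, as an added example (not from the original notes): a toy key=value parser with a planted length bug is fuzzed once with generation-based inputs built from its grammar and once with mutation-based inputs derived from a constructed seed corpus. The parser, the seed corpus, and the bug are all assumptions made for this illustration; a missing '=' is treated as a correctly rejected input, while any other exception counts as a crash.

```python
"""Minimal fuzzer demonstrating generation-based vs. mutation-based input."""
import random
import string

KEY_LIMIT = 16  # size of the parser's fixed key buffer (the planted bug lives here)


def parse_kv(data: bytes) -> dict:
    """Toy key=value parser used as the fuzz target (constructed for this example).

    Planted defect: keys are copied into a fixed 16-byte buffer without a length
    check, so any key longer than KEY_LIMIT raises IndexError. That stands in for
    the kind of crash a fuzzer is meant to surface. A missing '=' is a rejected
    input (ValueError), which is the correct behaviour, not a bug.
    """
    result = {}
    for line in data.split(b"\n"):
        if not line or line.startswith(b"#"):
            continue
        key, sep, value = line.partition(b"=")
        if not sep:
            raise ValueError("missing '='")
        buf = bytearray(KEY_LIMIT)
        for i, ch in enumerate(key.strip()):
            buf[i] = ch  # IndexError once i == KEY_LIMIT: the planted bug
        result[bytes(buf).rstrip(b"\x00").decode("latin-1")] = value.strip().decode("latin-1")
    return result


def generate_input(rng: random.Random) -> bytes:
    """Generation-based: build an input from the grammar  line := key '=' value.

    Knows the format, so it can probe field sizes directly (keys up to 32 bytes),
    at the cost of having to write the grammar first.
    """
    lines = []
    for _ in range(rng.randint(1, 4)):
        key = "".join(rng.choice(string.ascii_letters) for _ in range(rng.randint(1, 32)))
        value = "".join(rng.choice(string.printable) for _ in range(rng.randint(0, 20)))
        lines.append(f"{key}={value}")
    return "\n".join(lines).encode("latin-1")


def mutate_input(rng: random.Random, seed: bytes) -> bytes:
    """Mutation-based: apply 1-4 random edits to an existing sample input.

    Needs no grammar, only samples, but explores blindly: reaching the
    oversized-key path depends on a chunk duplication landing inside a key.
    """
    data = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(4)
        if op == 0 and data:                      # flip one bit
            i = rng.randrange(len(data))
            data[i] ^= 1 << rng.randrange(8)
        elif op == 1:                             # insert a random byte
            data.insert(rng.randint(0, len(data)), rng.randrange(256))
        elif op == 2 and data:                    # duplicate a chunk in place
            i = rng.randrange(len(data))
            j = rng.randint(i, len(data))
            data[i:i] = data[i:j]
        elif op == 3 and len(data) > 1:           # delete one byte
            del data[rng.randrange(len(data))]
    return bytes(data)


def run_fuzz(mode: str, iterations: int = 500, rng_seed: int = 1) -> tuple:
    """Drive parse_kv with `iterations` inputs; classify each as ok/rejected/crash."""
    rng = random.Random(rng_seed)
    corpus = [b"user=alice\nport=8080\ndatabasehost=localhost\n"]  # constructed seed input
    stats = {"ok": 0, "rejected": 0, "crash": 0}
    crashes = []
    for _ in range(iterations):
        if mode == "generation":
            data = generate_input(rng)
        else:
            data = mutate_input(rng, rng.choice(corpus))
        try:
            parse_kv(data)
            stats["ok"] += 1
            if mode == "mutation" and len(corpus) < 64:
                corpus.append(data)  # survivors become new seeds, so edits compound
        except ValueError:
            stats["rejected"] += 1
        except Exception as exc:  # anything other than a clean rejection is a parser bug
            stats["crash"] += 1
            crashes.append((data, repr(exc)))
    return stats, crashes


if __name__ == "__main__":
    for mode in ("generation", "mutation"):
        stats, crashes = run_fuzz(mode)
        print(mode, stats, "first crash:", crashes[0] if crashes else None)
```

Run it and compare the two crash counts: the generation-based run hits the oversized-key bug almost immediately because its grammar lets it choose key lengths, while the mutation-based run only gets there once enough duplications accumulate inside a key. Real fuzzers (AFL++, libFuzzer) add coverage feedback to that corpus-growth loop; this example keeps every non-crashing input instead.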
- test in a pre-production environment that mirrors production as closely as possible
- all aspects (config, firewall, OS, load/performance, etc.)
- most testing is testing for failure (does the software crash or reject bad input?); it is also important to test for incorrect values (does it silently return a wrong result?)
- cryptographically secure random numbers are essential (keys, IVs, nonces, session tokens); obtain them from a CSPRNG in a vetted crypto library or the OS, never from a general-purpose PRNG seeded with the time
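The random-number point above, as an added example (not from the original notes): a constructed token generator that seeds Python's general-purpose PRNG with the wall clock, an attacker routine that recovers the token by replaying every seed in a plausible time window, and the correct version using the OS CSPRNG via the standard library's `secrets` module. The issue time, window size, and token format are assumptions for the illustration.

```python
"""Why tokens must come from a CSPRNG: a clock-seeded PRNG is replayable."""
import hmac
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


def weak_token(seed_time: int, length: int = 24) -> str:
    """Anti-pattern (constructed): Mersenne Twister seeded with the issue time in seconds.

    The output looks random, but the whole token is a function of one small integer.
    """
    rng = random.Random(seed_time)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def recover_weak_token(observed: str, approx_time: int, window: int = 3600):
    """Attacker model: knows the token was issued within +/- window seconds of approx_time.

    Replays the generator for every candidate seed and returns the one that
    reproduces the observed token, or None if no candidate matches.
    """
    for candidate in range(approx_time - window, approx_time + window + 1):
        if weak_token(candidate, len(observed)) == observed:
            return candidate
    return None


def strong_token(nbytes: int = 32) -> str:
    """Correct: draw from the OS CSPRNG; 32 bytes gives 256 bits of entropy."""
    return secrets.token_urlsafe(nbytes)


def token_matches(presented: str, stored: str) -> bool:
    """Compare in constant time so response timing does not leak the stored token."""
    return hmac.compare_digest(presented.encode(), stored.encode())


if __name__ == "__main__":
    issued_at = 1_700_000_000  # constructed issue time (epoch seconds)
    leaked = weak_token(issued_at)
    # The attacker only knows the token appeared "a couple of minutes ago".
    print("weak token:", leaked, "recovered seed:", recover_weak_token(leaked, issued_at + 120))
    print("strong token:", strong_token())
```

The brute force covers 7201 candidate seeds, so the weak token falls in well under a second; widening the attacker's uncertainty to a day only makes it 86401 candidates. There is no comparable search for `strong_token`, whose output depends on 256 bits the attacker never sees.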
- Federal Information Processing Standards (FIPS), published by NIST
- specify the approved algorithms and validated implementations the federal government may use (e.g. FIPS 140 validates cryptographic modules)
- becomes more important as software gets older and accumulates changes
- one of the most time-consuming parts of releasing software patches