|
|
 |
 |
 |
 |
Activity:
Write Security Tests
 |
|
Participating Roles
Responsible:
Tester |
Security tests or penetration tests utilize the threats found in the threat modeling process to simulate an adversary’s attempt to achieve specific malicious goals in the product. This form of testing can be divided into three parts: exploration, flaw identification, and exploitation. Penetration testing can result in the discovery of new vulnerabilities that become security requirements or bugs in the attempt to lock down entry points and subsequent access to assets. As a result, testers must be as aware of the elements of the threat model as architects are. This form of testing requires the special skills of being able to think and act like the adversary. Access to the threat model gives them the ability to systematically attack the system in an informed way.
Entry Criteria
Dependencies:
- You are assigned a test task for a security requirement that is scheduled for the iteration.
- The threat model is up-to-date and published.
Sub-Activities
|
|
1 |
Explore the Entry Points |
- Identify a system’s entry points and functionality for the protection of assets. Use an informed testing approach, gathering information from the threat model to determine the expected avenues of attack.
- Prioritize the entry points and cross reference the entry points with the trust levels. Create environments and test configurations for each of the trust levels.
|
|
2 |
Identify Flaws |
- Write test cases that utilize directed or semi-random tests to attempt to access to an asset. Directed measures are aimed at bypassing specific security measures. For example, look to acquire a session identifier and modify the account number in a URL.
- Semi-random attacks may use fuzzing or the manipulation of a data format or protocol to test boundary conditions or elicit errors from the application. Test limits such as buffer sizes, integer roll-overs, negative numbers, and buffer lengths.
|
|
3 |
Exploit Weaknesses |
- Add test cases to exploit any weaknesses found to attempt to access assets. Some of these test cases will have to be exploratory rather than fixed. Take into consideration the amount of time required to figure out how to exploit weaknesses to access assets. While unauthorized entry into the system is a bug, access to protected assets presents the strongest case for fixing these bugs. Ensure that the security test case scenarios address common tactics used to capture secret data, gain unauthorized access, or deny access to legitimate users.
- Save these manual test cases in the appropriate security requirement folder. Check them in. Add any test data requirements to the section of the test approach worksheet for this iteration.
|
Exit Criteria
 |
The security tests cover all the elements of security requirements called for in the test task. |
|
Any necessary test data is added to the iteration section of the test approach worksheet. | |
 |
 |
 |
 |
© 2006 Microsoft Corporation. All rights reserved.
Version 4.1.0 |
 |
Overview 