How PENETRATION TESTING
techniques CAN HELP YOU IMPROVE
your QA skills
Marian HackMan Marinov
<mm@siteground.com>
Who am I?
❖ Chief System Architect of Siteground.com
❖ Sysadmin since 1996
❖ Organizer of OpenFest, BG Perl Workshops,
LUG-BG and similar :)
❖ Teaching Network Security and Linux System
Administration at Sofia University
☹☹☹☹☹☹
The QA position is underrated and heavily
undermined by the web industry
I really admire the work that QA people do!
Let's clear some stuff
❖ Black box testing
❖ Gray box testing
❖ White box testing
Pentesting what?
❖ Pentesting is actually QA testing :)
❖ The plans that pentesters prepare for
attacks are similar to the plans QA devise to
test the same software.
❖ The difference is the way the testing is
performed and what is evaluated for testing.
The first part of the presentation
is about Black/Grey box testing
Simply because it shows some
very important differences
Pentester vs. QA
Pentesters start by gathering information
about the infrastructure and the software
QA guys usually rely on
Devs, Documentation and
Requirements for the same info
Pentesters define the expected successful
result by running one real-life test and
writing down its result. Then every other
response is considered a failure
Every time a QA sees an error in the
logs of the app or the server,
she considers it a failure
Pentesters try to find the places that are
most likely to be vulnerable
(common flaws and bugs)
QAs try to test the whole application
Pentesters always look for a chain of events
that, if triggered, will give them access
(Design vulnerabilities)
QAs usually focus on the current layer
of the application and rely on the tests
of the next level to cover the whole
Pentesters try to use and abuse
unspecified behavior in functions, and for
that they try to generate all impossible inputs
QAs usually limit their tests to
a predefined set of inputs or
a limited number of generated inputs
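The contrast above, as an added example that is not part of the presentation: a username validator that passes a fixed QA table, beside its hardened form, and a small mutation generator of the "impossible inputs" kind that tells the two apart. The validator names, the regular expressions and the input table are constructed for this illustration.

```python
import re
import string

# Two validators for a username field. WEAK_RE is the kind of check that passes a
# fixed test table; STRICT_RE is the hardened form. Both are constructed for this
# example, not taken from the slides.
WEAK_RE = re.compile(r"^[a-z][a-z0-9_]{2,15}$")     # '$' also matches just before a trailing "\n"
STRICT_RE = re.compile(r"\A[a-z][a-z0-9_]{2,15}\Z")  # \A and \Z anchor the whole string


def is_valid_username_weak(name: str) -> bool:
    return WEAK_RE.match(name) is not None


def is_valid_username_strict(name: str) -> bool:
    return STRICT_RE.match(name) is not None


# Constructed "predefined set of inputs" of the kind a QA suite usually carries.
# Both validators agree on every entry, so this table never exposes the difference.
PREDEFINED_INPUTS = ["alice", "bob_42", "", "Alice", "a", "x" * 16, "bad-name", "root;"]


def mutate(seed: str):
    """Yield 'impossible' variants of one valid seed: trailing and leading control
    characters, NUL bytes, whitespace, a Unicode look-alike, a length blow-up,
    path-like content and every punctuation character."""
    yield seed + "\n"
    yield seed + "\r\n"
    yield seed + "\x00"
    yield "\x00" + seed
    yield " " + seed
    yield seed + " "
    yield seed + "\t"
    yield seed.replace("a", "\u0430")  # Cyrillic small 'a' in place of Latin 'a'
    yield seed * 100
    yield seed + "/../" + seed
    for ch in string.punctuation:
        yield seed + ch


def find_disagreements(seeds):
    """Return generated inputs that the weak validator accepts but the strict one
    rejects. Each one is a bug the predefined table would never have surfaced."""
    found = []
    for seed in seeds:
        for candidate in mutate(seed):
            if is_valid_username_weak(candidate) and not is_valid_username_strict(candidate):
                found.append(candidate)
    return found


def predefined_table_agrees() -> bool:
    """True when the fixed table cannot tell the two validators apart."""
    return all(is_valid_username_weak(i) == is_valid_username_strict(i)
               for i in PREDEFINED_INPUTS)


if __name__ == "__main__":
    print("fixed table agrees:", predefined_table_agrees())
    for bad in find_disagreements(["alice", "bob_42"]):
        print("weak validator accepts:", repr(bad))
```

The fixed table agrees on every entry, so a suite built only from it reports green for both validators; the mutated inputs surface `"alice\n"`, which the `$`-anchored check lets through. Seeding the generator from known-good values and mutating them is cheap to add to an existing suite and is exactly the habit the slide asks QA to borrow.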
Every time a test fails,
pentesters expand the search
With QAs, every time a test fails,
they return the code to the Dev team
Pentesters have more time and they
are working on the LIVE environment
QAs do their tests on
mockup/staging environments
Pentesters use tools for
generating wordlists and dictionaries
QAs should start doing the same...
Sometimes pentesters get their hands on
binaries and they do try to reverse them,
to understand and break them
I'm yet to see a QA do some reversing...
Black/Gray box testing
❖ Decision table testing
❖ All-pairs testing
❖ Equivalence partitioning
❖ Boundary value analysis
❖ Cause–effect graph
❖ Error guessing
❖ State transition testing
❖ Use case testing
❖ User story testing
❖ Domain analysis
❖ Combining technique
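Two of the techniques in the list, boundary value analysis and equivalence partitioning, carried through on a port-number validator, as an added example that is not part of the presentation. The validator with the off-by-one and its corrected form are constructed for this illustration; the case generators apply to any closed integer range, not only to ports.

```python
def check_port_buggy(port: int) -> bool:
    """Constructed validator with a classic off-by-one: the upper bound is exclusive,
    so 65535, a perfectly valid TCP port, is rejected."""
    return 0 < port < 65535


def check_port_fixed(port: int) -> bool:
    """The corrected validator: both bounds inclusive."""
    return 1 <= port <= 65535


def boundary_values(lo: int, hi: int):
    """Boundary value analysis: just below, on, and just above each edge of [lo, hi]."""
    return sorted({lo - 1, lo, lo + 1, hi - 1, hi, hi + 1})


def partition_representatives(lo: int, hi: int):
    """Equivalence partitioning: one representative for each class of input
    (below the range, inside it, above it)."""
    return {"below": lo - 1000, "inside": (lo + hi) // 2, "above": hi + 1000}


def expected(value: int, lo: int, hi: int) -> bool:
    """The oracle: what a correct range check must answer for this value."""
    return lo <= value <= hi


def find_boundary_bugs(check, lo: int, hi: int):
    """Run the boundary and partition cases through `check` and return every value
    on which it disagrees with the oracle."""
    cases = boundary_values(lo, hi) + list(partition_representatives(lo, hi).values())
    return [v for v in cases if check(v) != expected(v, lo, hi)]


if __name__ == "__main__":
    print("buggy validator fails on:", find_boundary_bugs(check_port_buggy, 1, 65535))
    print("fixed validator fails on:", find_boundary_bugs(check_port_fixed, 1, 65535))
```

The partition representatives (a value far below, one in the middle, one far above) are the cases most suites already have, and they pass both validators; only the on-the-edge value 65535 from the boundary set exposes the bug. Keeping the oracle separate from the code under test is what lets the same generator be reused for every range-checked parameter.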
Generally pentesters use more tools for
a single test than QAs.
They try to combine more than one
completely valid use case to construct
one test that will break the system.
Black/Gray box testing
And here is something from the book
Exploiting Software:
An attacker starts with breaking the
rules and undermining assumptions.
One of the key assumptions to test is
the "implicit trust" assumption.
Attackers will always break any rule
relating to when, where, and what is
"allowed"
If you want to broaden
your test case horizons...
I advise you to read
the specific techniques
outlined in "Exploiting Software"
Specific techniques
❖ Shell command injection
* argument injection
* command delimiters
* multiple parsers and double escapes
❖ Plumbing pipes, ports and permissions
❖ Exploiting the filesystem
* user-supplied variable passed to the filesystem calls
* postfix null terminator
* postfix null terminator and backslash
* relative path traversal
❖ Manipulating environment variables
❖ Leveraging poor session authentication
* Session ID, Resource ID and blind trust
* Bruteforcing session IDs
* Multiple paths of authentication
* Failure to check error codes
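Two of the technique families in the list, shell command injection (delimiters and argument injection) and exploiting the filesystem (traversal, null terminator, backslash), as an added example that is not part of the presentation or of "Exploiting Software": each weak form is shown beside its hardened form, together with the probe checks a QA test would run against them. The document root, the function names, the hostname allow-list and the probe strings are constructed for this illustration.

```python
import os
import re
import shlex

# Assumed document root for the filesystem part; it does not have to exist, since
# only path arithmetic is done here.
BASE_DIR = "/srv/app/static"


def unsafe_join(base: str, user_path: str) -> str:
    """'Before' form: a user-supplied variable goes straight into the filesystem path."""
    return os.path.join(base, user_path)


def safe_join(base: str, user_path: str):
    """Hardened form: refuse NUL bytes and backslashes (the 'postfix null terminator'
    and backslash tricks), normalise away '..', and require the result to stay under
    base. Returns None when the request must be refused."""
    if "\x00" in user_path or "\\" in user_path:
        return None
    base = os.path.normpath(base)
    full = os.path.normpath(os.path.join(base, user_path))
    if os.path.commonpath([base, full]) != base:
        return None
    return full


# Hostname allow-list: labels of letters, digits and hyphens that start and end with a
# letter or digit. Requiring an alphanumeric first character also rules out a leading
# '-', which is what argument injection relies on.
HOSTNAME_RE = re.compile(
    r"\A[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*\Z")


def unsafe_ping_command(host: str) -> str:
    """'Before' form: a command string meant for a shell, so command delimiters inside
    host become extra commands."""
    return "ping -c 1 " + host


def safe_ping_argv(host: str):
    """Hardened form: allow-list the value, then build an argv list to hand to
    subprocess.run() without a shell, so no delimiter parsing ever happens."""
    if not HOSTNAME_RE.match(host):
        raise ValueError("hostname rejected")
    return ["ping", "-c", "1", host]


def shell_command_count(command: str) -> int:
    """How many commands a POSIX shell would run for this string. shlex with
    punctuation_chars=True tokenises ; | & the way the shell does, so every such
    token marks one more command."""
    tokens = list(shlex.shlex(command, posix=True, punctuation_chars=True))
    return 1 + sum(1 for t in tokens if t and t[0] in ";|&")


def hardened_refuses(host: str) -> bool:
    """True when the hardened builder rejects the input, which is the result a QA
    test expects for every delimiter and argument-injection probe."""
    try:
        safe_ping_argv(host)
    except ValueError:
        return True
    return False


# Constructed probe inputs of the kinds the slide lists.
PATH_PROBES = ["css/site.css", "../../etc/passwd", "/etc/passwd",
               "logo.png\x00.txt", "..\\..\\win.ini"]
HOST_PROBES = ["example.com", "sub-1.example.com", "example.com; id",
               "example.com && ls", "-V"]

if __name__ == "__main__":
    for p in PATH_PROBES:
        print(repr(p), "->", repr(unsafe_join(BASE_DIR, p)), "| hardened:", repr(safe_join(BASE_DIR, p)))
    for h in HOST_PROBES:
        print(repr(h), "-> shell would run", shell_command_count(unsafe_ping_command(h)),
              "command(s) | hardened refuses:", hardened_refuses(h))
```

The useful QA habit here is the pair of oracles: for each probe the test asserts both that the weak form misbehaves (the path leaves the root, the shell sees a second command) and that the hardened form refuses it, so a regression in either direction fails the suite. Note that `safe_join` works on the normalised path only; a deployment that follows symbolic links would add `os.path.realpath` on the same check.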
White box testing
❖ Every QA is doing exactly this
❖ But let's look at the differences
White box testing
❖ Pentesters do white-box testing
* when they are testing open-source apps
* if they were given the code
❖ Pentesters usually try to find bugs in the
integration between the app they have the
source to and the app whose source they don't
❖ Pentesters check whether the software complies
with all the security guidelines for the specific
language or system
White box testing
❖ Pentesters use debuggers
* to inject code
* to change memory
* even to change the flow of the application
❖ Injecting code or otherwise influencing the
application is considered by many to be impossible.
* This is now a reality!
❖ Pentesters consider a bug in one layer as an
open door for your whole app
White box testing
QA
❖ Code coverage
* Control flow testing
* Data flow testing
* Branch testing
* Statement coverage
* Decision coverage
* Modified condition/decision coverage
* Prime path testing
* Path testing
White box testing
QA
❖ Code static analysis
❖ Analysis of
* memory states, finding possible entry
points for malicious code
* interaction between different parts of
the software (exchanging data between
APIs and Frameworks)
❖ Forcing race conditions, filling buffers
and then examining the performance of
the app and its memory structures
Finally!
❖ In order to be able to build more
extensive tests, you have to be aware of
the possible issues that may happen
with:
- your software
- the language(s) that you are using
- the infrastructure that is hosting your
applications
We are hiring!
THANK YOU
Marian HackMan Marinov
<mm@siteground.com>
Related books