Thursday, June 25, 2020

Return-oriented programming


  • Return-oriented programming

Return-oriented programming (ROP) is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as executable space protection and code signing.
In this technique, an attacker gains control of the call stack to hijack program control flow and then executes carefully chosen machine instruction sequences that are already present in the machine's memory, called "gadgets". Each gadget typically ends in a return instruction and is located in a subroutine within the existing program and/or shared library code. Chained together, these gadgets allow an attacker to perform arbitrary operations on a machine employing defenses that thwart simpler attacks.
https://en.wikipedia.org/wiki/Return-oriented_programming


  • Executable space protection

In computer security, executable-space protection marks memory regions as non-executable, such that an attempt to execute machine code in these regions will cause an exception. It makes use of hardware features such as the NX bit (no-execute bit), or in some cases software emulation of those features. However, technologies that emulate or supply an NX bit in software usually impose a measurable overhead, while using a hardware-supplied NX bit imposes no measurable overhead.
https://en.wikipedia.org/wiki/Executable_space_protection


  • Code signing

Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. The process employs the use of a cryptographic hash to validate authenticity and integrity.
The efficacy of code signing as an authentication mechanism for software depends on the security of the underpinning signing keys. As with other public key infrastructure (PKI) technologies, the integrity of the system relies on publishers securing their private keys against unauthorized access. Keys stored in software on general-purpose computers are susceptible to compromise. Therefore, it is more secure, and best practice, to store keys in secure, tamper-proof cryptographic hardware devices known as hardware security modules (HSMs).
https://en.wikipedia.org/wiki/Code_signing
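The sign-then-verify flow described above, as an added example that is not from the quoted article: the publisher hashes the artifact with SHA-256 and signs the digest, and the consumer recomputes the digest and checks it against the publisher's public key. Ed25519 is assumed as the concrete signature scheme, and the artifact bytes are a constructed sample.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Publisher side: hash the artifact with SHA-256 and sign the digest with the
// private key (which, per the text above, belongs in an HSM rather than here).
func signArtifact(priv ed25519.PrivateKey, artifact []byte) []byte {
	digest := sha256.Sum256(artifact)
	return ed25519.Sign(priv, digest[:])
}

// Consumer side: recompute the digest and verify it against the public key.
// A single changed bit in the artifact, or a signature made with another key,
// makes verification fail.
func verifyArtifact(pub ed25519.PublicKey, artifact, sig []byte) error {
	digest := sha256.Sum256(artifact)
	if !ed25519.Verify(pub, digest[:], sig) {
		return errors.New("signature invalid: artifact altered or not signed by this publisher")
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample artifact; a real one would be the executable's bytes.
	artifact := []byte("#!/bin/sh\necho deploy\n")
	sig := signArtifact(priv, artifact)
	fmt.Println("original verifies:", verifyArtifact(pub, artifact, sig) == nil)

	tampered := append([]byte(nil), artifact...)
	tampered[len(tampered)-2] ^= 0x01 // flip one bit in the script body
	fmt.Println("tampered verifies:", verifyArtifact(pub, tampered, sig) == nil)
}
```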

Side-channel attack


  • Side-channel attack

In computer security, a side-channel attack is any attack based on information gained from the implementation of a computer system, rather than weaknesses in the implemented algorithm itself (e.g. cryptanalysis and software bugs). Timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information, which can be exploited.
General classes of side channel attack include:

    Cache attack — attacks based on attacker's ability to monitor cache accesses made by the victim in a shared physical system as in virtualized environment or a type of cloud service.
    Timing attack — attacks based on measuring how much time various computations (such as, say, comparing an attacker's given password with the victim's unknown one) take to perform.
    Power-monitoring attack — attacks that make use of varying power consumption by the hardware during computation.
    Electromagnetic attack — attacks based on leaked electromagnetic radiation, which can directly provide plaintexts and other information. Such measurements can be used to infer cryptographic keys using techniques equivalent to those in power analysis or can be used in non-cryptographic attacks, e.g. TEMPEST (aka van Eck phreaking or radiation monitoring) attacks.
    Acoustic cryptanalysis — attacks that exploit sound produced during a computation (rather like power analysis).
    Differential fault analysis — in which secrets are discovered by introducing faults in a computation.
    Data remanence — in which sensitive data are read after supposedly having been deleted (e.g. cold boot attack).
    Software-initiated fault attacks — currently a rare class of side channels; Row hammer is an example, in which off-limits memory can be changed by accessing adjacent memory too often (causing state retention loss).
    Optical — in which visual recording can read secrets and sensitive data using a high-resolution camera or other devices with such capabilities.
https://en.wikipedia.org/wiki/Side-channel_attack
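The password-comparison timing attack mentioned in the list above, as an added example that is not from the quoted article: the naive comparison stops at the first mismatching byte, so its running time grows with the length of the correctly guessed prefix, while the hardened form built on Go's crypto/subtle examines every byte regardless. To keep the demonstration deterministic, the vulnerable function reports the number of bytes examined as a stand-in for elapsed time; the secret is a constructed sample.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// Vulnerable form: returns at the first mismatch. The second return value
// counts bytes examined, a deterministic stand-in for elapsed time: it grows
// with the length of the correct prefix, which is exactly what a timing
// side channel leaks to whoever can measure the response time.
func naiveEqual(secret, guess []byte) (equal bool, work int) {
	if len(secret) != len(guess) {
		return false, 0
	}
	for i := range secret {
		work++
		if secret[i] != guess[i] {
			return false, work
		}
	}
	return true, work
}

// Hardened form: subtle.ConstantTimeCompare touches every byte no matter
// where the first mismatch is, so its time depends only on the length.
// It also returns 0 (not equal) when the lengths differ.
func constantTimeEqual(secret, guess []byte) bool {
	return subtle.ConstantTimeCompare(secret, guess) == 1
}

func main() {
	secret := []byte("hunter22") // constructed sample secret
	for _, g := range []string{"xxxxxxxx", "huxxxxxx", "hunterxx", "hunter22"} {
		eq, work := naiveEqual(secret, []byte(g))
		fmt.Printf("naive  %q equal=%-5v bytes examined=%d\n", g, eq, work)
	}
	fmt.Println("constant-time match:", constantTimeEqual(secret, []byte("hunter22")))
	fmt.Println("constant-time mismatch:", constantTimeEqual(secret, []byte("hunter2x")))
}
```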

Functional vs. non-functional testing (cloud)


  • The main difference between functional and nonfunctional testing

Functional requirements: describe the behavior/execution of the software system
Non-functional requirements: describe the performance or usability of the software system

Here are some of the common functional testing techniques:

Installation testing – for desktop or mobile application, testing proper installation
Boundary value analysis – testing of the boundaries of numerical inputs
Equivalence partitioning – grouping tests together to reduce overlap of similar functional tests
Error guessing – assessing where functional issues are most likely to be found and testing these more extensively than other areas
Unit testing – testing performed at the smallest level of the software—not how the system is functioning as a whole, but whether each unit is executing properly
API testing – checks that internal and external APIs are functioning properly, including data transfer and authorization
Regression testing – tests that are performed to verify that new software changes did not have adverse effects on existing functionality (most common automation technique)


These are the chief nonfunctional testing techniques:

Load testing – tests performed in a simulated environment to check the behavior of the system under expected conditions (varying numbers of users)
Stress testing – testing performance when low on resources, such as server issues or lack of hard drive space on a device
Scalability testing – checking a system’s ability to scale with increased usage and to what extent performance is affected
Volume testing – testing performance with a high volume of data, not necessarily high number of users, but could be one user performing a high-volume task, such as a multiple-file upload
Security testing – tests performed to uncover how vulnerable the system is to attacks, and how well data is protected
Disaster recovery testing – checks on how quickly a system can recover following a crash or major issue
Compliance testing – tests of the software system against any set of standards (whether due to industry regulations or a company’s set of standards)
Usability testing – testing whether the GUI is consistent and if the application as a whole is intuitive and easy to use

https://testlio.com/blog/whats-difference-functional-nonfunctional-testing/#:~:text=Functional%20requirements%20are%20the%20WHAT,customer%20expectations%20are%20being%20met.

  • Differences between Functional and Non-functional Testing


Functional Testing:
Functional testing is a type of software testing in which the system is tested against the functional requirements and specifications. Functional testing ensures that the requirements or specifications are properly satisfied by the application. This type of testing is particularly concerned with the result of processing. It focuses on simulating actual system usage but makes no assumptions about the system's internal structure.
Non-functional Testing:
Non-functional testing is a type of software testing that is performed to verify the non-functional requirements of the application. It verifies whether the behavior of the system is as per the requirement or not. It tests all the aspects which are not tested in functional testing.
https://www.geeksforgeeks.org/differences-between-functional-and-non-functional-testing/
  • The implementation under test is that which implements the base standard(s) being tested.
https://link.springer.com/referenceworkentry/10.1007%2F978-0-387-73003-5_700

Implementation under test: a term used in technological vulnerability analysis, particularly protocol evaluation.
https://en.wikipedia.org/wiki/IUT

Implementation Under Test (IUT): that part of a real system which is to be tested, which should be an implementation of applications, services or protocols.
https://portal.etsi.org/CTI/CTISupport/Glossary.htm

  • The main difference is that regression testing is designed to test for bugs you don't expect to be there, whereas retesting is designed to test for bugs you do expect to be there.
The point of regression testing is to ensure that new updates or features added to software don’t break any previously released updates or features.
To perform regression testing you typically have a regression suite – a series of test cases set up to test these older features.
Regression test cases are often automated because these tests build up as the software changes or grows.

Retesting is designed to test specific defects that you've already detected (typically during your regression testing).
In other words, regression testing is about searching for defects, whereas retesting is about fixing specific defects that you’ve already found.
https://www.leapwork.com/blog/difference-between-retesting-and-regression-testing

Regression testing is performed for passed test cases, while retesting is done only for failed test cases.
Regression testing checks for unexpected side effects, while retesting makes sure that the original fault has been corrected.
Regression testing doesn't include defect verification, whereas retesting includes defect verification.
Regression testing is known as generic testing, whereas retesting is planned testing.
Regression testing is possible with the use of automation, whereas retesting is not possible with automation.
https://www.guru99.com/re-testing-vs-regression-testing.html

  • Examples of functional testing are:
Black-box testing
https://www.guru99.com/functional-testing.html

Black-box testing. Contrary to white-box testing, black-box testing involves testing against a system where the internal code, paths and infrastructure are not visible. Thus, testers use this method to validate expected outputs against specific inputs. 
https://www.applause.com/blog/functional-testing-types-examples

  • Dynamic testing helps detect defects in the software.
Testing is done by executing the program.
Dynamic testing involves both functional and non-functional testing.
https://www.professionalqa.com/dynamic-testing
  • Integration testing ensures the functionality, reliability, and performance of the integrated modules.
To be precise, the success of integration testing lies in the thoroughness of the test plan.
https://www.professionalqa.com/integration-testing