Shulou(Shulou.com)06/03 Report--

How to use ThreadingTest to improve the efficiency of Software Security testing (Ⅱ)

The test case is run by ThreadingTest, the ultra-high-speed graphics technology of TT million element level is used to display the diagram, and the functional logic of all kinds of large, medium and small software is analyzed to realize the mutual traceability between the test case and the source code to be tested. The traceability technology makes it convenient for users to view and design test cases. Through the analysis of measured cases based on two-way traceability, testers can quickly track the scope of modified code. Targeted supplementary test cases for modified modules and affected modules can minimize the cost of regression testing.

Forward traceability technology:

By clicking on a test case, trace back to the function control chart corresponding to the use case, and show the logic and structure of the test, click on one of the functions, you can view the function's coverage, complexity, code, control flow chart and other information, help testers find test omissions through simple inspection, and help developers directly locate the defects found by the test, and the efficient interaction between testing and development. Imagine that when a core engineer leaves, what he takes away is the understanding and development ideas of the whole program, and the handover engineer needs to spend a lot of time to understand. Through forward traceability, TT can enable the handover engineer to quickly grasp and understand the development ideas of the program through the information such as program logic and structure shown by the test case.

Reverse traceability technology:

By clicking on a function in the function list, trace back to the function call diagram, control flow chart and source code corresponding to the function, click on the source code, and trace back to the list of test cases executed by the source code. Imagine that when a program needs to be changed and upgraded frequently, the pressure on the tester is enormous. The tester cannot accurately determine whether the code changed by the developer affects other functions. The program can only be retested, but through reverse tracing, the tester clearly sees the test case table affected by the changed code, through the cumulative coverage technology. The time of regression testing is greatly shortened.

Most software security tests are carried out according to the principle of defect space reverse design, that is, check in advance where there may be potential security risks, and then test against these possible hidden dangers. Therefore, the reverse testing process is to start from the defect space, establish the defect threat model, find the * * points through the threat model, and scan and test the known vulnerabilities. The advantage is that known defects can be analyzed to avoid known types of defects in the software, but there is usually nothing you can do about unknown means and methods. TT can track and analyze the execution logic of the program in the process of forward and backward security testing. Combined with the normal functional execution logic, the detailed immunity and infection degree of the tested program to the simulation during the testing process can be given. The condition is true or false, as well as the execution sequence information of the program segment, which can help security testing and developers quickly understand how the weakness of the program is exploited, and help quickly fix the security problem.

Visual code structure security review using two-way traceability

Code review is a necessary but insufficient way to implement secure software. Security flaws, especially in C and C++, are obvious, while architectural flaws are the really thorny issue. ThreadingTest aims at code-level compilation analysis and running the program after inserting piles. Through static and dynamic code analysis, TT provides a rich visual interface, including function call diagram, control flow chart, coverage visualization view, cumulative coverage view, multi-version comparison view, version test data report view and so on. Through the targeted information mining of each view, the problem can be located quickly.

Separate code reviews are a particularly useful method, but because this type of audit can only identify defects, even the best code reviews can only find about 50% of security issues. Modern systems are made up of millions of lines of code, and this approach is even less effective. Before the emergence of the two-way traceability technology of test cases and code, the code of large-scale applications can only be checked and analyzed through manual static process, manual static checking and analysis, because of the complexity and complex logic of the program logic. and there will be a big difference between manual understanding and real execution in the running environment. The function of TT to the generation and traceability of massive corresponding data of code execution are all based on dynamic operation, which can be simply understood as an advanced and systematic Debug technology, which is based on the actual results of the dynamic operation of the program. It can distinguish the execution path of each function point, instead of mixing the logic of all the function points and analyzing them together. Large software usually has millions of lines of code, which cannot be mastered in a short time as a professional security testing team rather than a software developer, while TT can greatly reduce the difficulty of code review and security testing. It enables independent third-party security testing teams to quickly launch source code-based analysis. ThreadingTest's two-way traceability patent is actually a sharp tool for structured and visual analysis of software function implementation, and it is also an auxiliary analysis tool best used for software function security analysis.

The traceability function of TT based on the dynamic running of the program can quickly locate the code logic of the real execution of specific functions. Through the forward traceability function, TT can clearly record and analyze the corresponding code execution sequence in various situations. For some special security checks, TT can directly give the execution path of the code corresponding to each security test case. In this way, the relevant code segments can be analyzed quickly. Compared with the general static analysis, the follow from the function point (test case) of TT to the code truly records the execution of the program during the running of the use case. Compared with some static analysis methods, the data of TT is very accurate, so it can provide powerful auxiliary analysis for security testing. TT can provide security functional testing methods. Provides a lot of support for forward traceability in the following security test scenarios:

1. In the scenario of uploading files, file types are usually required to be filtered from a security point of view, so when the black box test method is used to simulate the upload process of various file types, through TT, we can record the processing logic corresponding to the program during the upload process of various types of files. After extracting the relevant code directly, the security tester can check the security behavior of the code that records the real execution process. It can be analyzed whether to check the type and name of the uploaded file in the corresponding code, and use the correct expression to strictly check the file name, limiting the file name to include only letters and numbers, and restricting the operation permission of the file. and verify the access path of the file.

two。 For the detection of software permissions, there are usually different logics within the programs with different permissions. Through the two-way traceability function of TT, testers can directly get the real rights judgment code of users with different permissions in the software and analyze them. This avoids errors caused by human static analysis of a large amount of code and does not conform to the actual execution.

3. TT can be used to verify the verification code logic of all kinds of external input, and to judge whether the program has the corresponding correct code logic to check and verify in the process of various business data input and excuse data input. Through forward traceability, the corresponding processing logic of the program in various special character input cases is quickly extracted for review by developers and security testers.

4. For key functions, by extracting the running logic code and the surrounding related code, TT can show whether there is an exception handling mechanism in the main logic. And in the case of a real error in the program, TT will fully record the whole execution process after the exception occurs, and whether there is a reasonable exception handling protection mechanism to facilitate code exception handling related analysis and security detection.

Automatically compare whether the design and requirements are consistent, and reduce the security defects of the software from the design point of view.

Using forward traceability, when the test execution is completed, the program execution logic and the correlation of program modules obtained through forward traceability are used to analyze whether the program logic is consistent with the detailed design. If the design is inconsistent, even if there is no problem with the functional implementation itself, but because the implementation violates the principles of the design, then the implementation is likely to have potential security risks.

Using reverse function, we can also effectively compare whether the design is consistent with the implementation. In general, detailed design documents will state which functions a module provides services from a design point of view. The reverse traceability function provided by TT can reverse the use of key modules by function points (test cases) after recording the logical relationship between function points (test cases) and executing code.

Detection of exception execution sequence and logic

Using TT, you can record the execution sequence under functional normal logic and record it into the database. When testing the program with * * tools and various artificial test cases with simulation nature, if the behavior of the program changes, by comparing and analyzing the record of the execution sequence in the * mode and the normal mode. You can evaluate whether there is a security risk in the program under test and perform unconventional actions to help determine whether the software has been breached. For example, the common buffer overflow will interrupt the normal execution sequence of the program to execute other code; the security problems of SQL injection classes can also be analyzed by using TT code execution logic tracing function in the performance of the internal execution path of the program.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.