Software Security Testing and Certification Papers
Quality Assurance, Fuzzing and Buffer Overflows
Software Quality Assurance, Security Testing, Fuzzing and the Discovery of Buffer Overflows. Hackers break into applications by addressing normal access points in ways that developers didn’t intend or foresee. A very common method of forcing entry is the buffer overflow. The tools hackers use most often to discover buffer overflow weaknesses are fuzzers.
For paper, see: beSTORM Quality Assurance, Fuzzing and Buffer Overflows
Black Box Software Security Testing
beSTORM represents a new approach to software security testing. This new approach is sometimes called “fuzzing” or “fuzz testing” and can be used for securing in-house software applications and devices, as well as testing the applications and devices of external vendors.
For paper, see: Black Box Software Testing
beSTORM – Certification
Reliably certify any networked hardware or software for compliance with industry RFCs, while checking it for known and unknown security weaknesses. Software security testing can be done to meet test lab standards prior to shipping products.
For paper, see: beSTORM – Certification
beSTORM and the SDL
Black box fuzz testing is a requirement of the software security testing phase of the SDL, the industry-leading software security assurance process that was created by Microsoft and proven effective since 2004.
Given diligent application of required security activities in the Design and Implementation phases, fuzzing done at the Verification phase confirms that attack surface reduction and threat modeling were complete and that resulting code was well written from a security standpoint. We recommend that beSTORM is used for this.
For paper, see: beSTORM and the SDL
Dynamic Aviation Software Security Testing
Dynamic Aviation Software Testing. Software for aircraft systems, from navigation to the entertainment system, must be proven to be free of unwanted reaction to every possible input, whether predicted by the designers or not. Safe operation of an aircraft depends upon every component being able to operate not only when receiving expected data but also to keep its head when the unexpected happens. Given the diverse range of protocols that can be used and learned by beSTORM, we highly recommend that it is used for software security testing.
For paper, see: Dynamic Aviation Software Testing
Software Security Testing of IoT Devices
The Internet of Things (IoT) encompasses any and all products that are connected to the internet or to each other. Any product which requires connection to a home, car or office network to deliver its complete set of features falls under this broad term. In fact, cars themselves are now a component of the IoT, as they exchange data with the manufacturer routinely if not continuously. beSTORM is the solution we recommend for software security testing all things internet.
For paper, see: Security Testing the Internet of Things - IoT
Security Testing of Critical Infrastructures
Energy, Water, Healthcare, Transport, Communication and Food are some examples of critical services essential for the functioning of any nation. Non-availability or even limited non-performance of these critical infrastructures quickly results in disturbance and distress. Hacking of these systems has surpassed physical attacks as the most serious security issue facing network operators and governments. We recommend using beSTORM when searching for those vulnerabilities; it tests for any and every combination and the slightest of anomalies.
For paper, see: Security Testing of Critical Infrastructures
Software Security Testing and Certification of Medical Devices
Medical devices, fully self-sufficient appliances in their own right, aim to revolutionize the healthcare industry. They educate and empower patients to keep a check on their health, help doctors and patients detect disease(s), assist in medical processes, let patients control and manage their health and make personal fitness more exciting. Before letting your application or device go live, we recommend that you perform software security testing and certify it with beSTORM.
For paper, see: Security Testing and Certification of Medical Devices