Wednesday, January 25, 2017

Software Security Quiz 1

1. What is penetration testing?

A procedure for testing libraries or other program components for vulnerabilities

Whole-system testing for security flaws and bugs

A security-minded form of unit testing that applies early in the development process

All of the above

2. Which of the following are benefits of penetration testing?

Results are often reproducible

Full evidence of security: a clean test means a secure system

Compositionality of security properties means tested components are secure even if others change

They specifically consider adversarial thinking, which is not usually necessary for normal tests

3. What does it mean to "be stealthy" during a penetration test?

Performing the tests from an undisclosed location

Using encryption during tests to make the source of attacks impossible to determine

Performing penetration testing without the target organization knowing

Taking care to avoid activities during a penetration test that might attract attention, e.g., by operators or IDS services

4. What is a web proxy?

A piece of software that intercepts and possibly modifies requests (and responses) between a web browser and web server

An agent that makes decisions on the client's behalf when interacting with web applications

A piece of software that makes a web application look like a standalone application, making it easier to test

A simulator for the web, for use when off-line

5. What is Nmap?

It is a scanner which works by injecting packets to a range of addresses, and inferring what hosts and services might be at those addresses, based on the responses

It is a network fuzz testing tool

It is a map of the Internet

It is a suite of tools for scripting attacks: probe, construct, encode, inject, wait for response

6. What is ethical hacking?

"Hacking" ethics so they justify unintended selfish behavior

Hacking systems (e.g., during penetration testing) to expose vulnerabilities so they can be fixed, rather than exploited

Hacking into systems run by those whose ethics you disagree with

A slang term for rapid software development, e.g., as part of hackathons

7. Which of the following statements describe fuzz testing (aka fuzzing)?

It is concerned with finding known-bad behaviors, like crashes and hangs

It is always black-box, in being indifferent to the software's functionality

It is a cost-effective replacement for functional testing

It has been used to find security vulnerabilities in many commodity programs

8. Which of the following are true of whitebox fuzzing?

It makes no sense to combine it with grammar-based fuzzing since the latter is just another way to consider the program's semantics

SAGE is (at least in part) a whitebox fuzzer

Radamsa is (at least in part) a whitebox fuzzer

It takes into account the program's internals in some manner when deciding which inputs to choose

9. Which of the following is true of mutation-based fuzzing?

It generates each different input by modifying a prior input

It works by making small mutations to the target program to induce faults

Each input is a mutation that follows a given grammar

It only makes sense for file-based fuzzing, not network-based fuzzing

10. Which of the following styles of fuzzer is more likely to explore paths covering every line of code in the following program?





11. Which of the following are functions of a network-based fuzzer?

Acting as a client

Acting as a server

Acting as a "man in the middle"

12. Suppose you want to use fuzzing on a program to try to find memory errors; which of the following statements is true?

You should not use a grammar-based fuzzer, because its adherence to the grammar means it will not find memory errors

Compiling the program with address sanitizer (ASAN) will make errors harder to reproduce

Compiling the program with address sanitizer (ASAN) will make the source of a memory error easier to find

Fuzzing doesn't find memory errors; it finds crashes and hangs
