All About Testing: Software Testing & Ethical Hacking Fundamentals (https://allabouttesting.org)

President Biden Releases a New Executive Order for Securing Artificial Intelligence

Published Mon, 30 Oct 2023 16:10:57 +0000
https://allabouttesting.org/president-biden-releases-a-new-executive-order-for-securing-artificial-intelligence/

The Biden Administration has issued an executive order for safe, secure, and trustworthy AI. This executive order helps to secure privacy and protect the American people from the risks of AI.

By signing the executive order, the Biden Administration includes the following initiatives for promoting safe AI.

1) New Standards for AI Safety and Security

  • Developers need to share the safety test results of big AI systems with the government
  • Work on the development of new standards for safe AI
  • Protect US people from AI fraud (e.g. AI-generated content)
  • Establish a cyber security AI program for managing software and fixing vulnerabilities

2) To protect the Privacy of the American people

  • Protect the privacy of the American people by using AI techniques
  • Fund research in developing cryptographic tools to protect private data
  • Develop guidelines for government agencies to check the effectiveness of privacy-preserving techniques

3) Promote Equity and Civil Rights

  • Use of AI in such a way that advances equity and civil rights
  • Proper safeguards against algorithmic discrimination

4) Better use of AI for vulnerable sections

  • Responsible use of AI in the medical field
  • Promote the use of AI in the education sector

5) AI for labor

  • Study and prepare a report on the impact of AI on the labor market
  • Minimize surveillance, bias, and job displacement because of AI in the labor market

6) AI for innovation

  • Promote research in AI by funding researchers and students in the field
  • Provide help and assistance to small developers and entrepreneurs

7) America to be in a leadership role in the field of AI

  • Work with other countries to promote the use of AI in a safe and secure way

8) Ensuring the use of AI efficiently in government

  • The efficient use of AI in government minimizes associated risks such as discrimination and unsafe decisions

As mentioned in the order, the US is already working with allies on an AI governance framework. Currently, many discussions are taking place with different countries and the UN.

5 AI Vulnerabilities You Must Know in 2023

Published Sun, 29 Oct 2023 16:00:05 +0000
https://allabouttesting.org/5-ai-vulnerabilities-you-must-know-in-2023/

Artificial Intelligence (AI) plays a critical role in the changing landscape of many industries. Cyber Security is also affected by the emergence of AI. Cyber Security is a huge field, and new security issues have arisen because of AI.

This blog discusses 5 AI vulnerabilities that you must know in 2023.

Data Poisoning

Any AI system is fed training data when the system is initially trained. If an attacker poisons the training data, the AI system learns the wrong patterns. As a result, the whole AI system behaves erroneously and does not work as expected.

For example, a firewall with AI features is installed in a network to detect cyber attacks. Initially, the firewall learns the behavior of traffic while deployed in the network. If an attacker sends malicious traffic during this initial period, the firewall treats the malicious packets as the expected ones. In the operation stage, if the firewall again encounters the same type of malicious packets, it will allow them, because it has learned that receiving such packets is normal.

Data Evasion

This type of attack is quite common against AI systems. In this type of attack, changes are made to some training data, which result in a huge change in the assessment made by the model. However, if humans consume the same data, there is no change in their assessment.

Assume an AI system is deployed to identify animals. If some pixels are changed in the image, the AI system is not able to identify the animal correctly. However, the human eye can easily identify the animal as an elephant without any effort.

Membership Inference

Membership inference is an attack that targets machine learning models, including those used in AI applications. It involves an attacker attempting to determine whether a specific data point was part of the training dataset used to build a machine learning model.

This attack has important implications for the privacy of individuals whose data (e.g. medical data) is included in the training dataset.

Model Extraction

An AI system operates on the principle of defined algorithms and processes. If an attacker knows the internal design of the AI system, this poses a huge risk to the system, as the attacker is able to replicate the same model while making some malicious changes to it.

In this type of attack, the attacker easily fools the AI system as he/she knows all the design and implementation details of the AI system.

Model Inversion

This type of attack works on the principle of reverse engineering. Here, the attacker changes the output and tries to get private information.

In summary, model inversion is an attack that focuses on the reverse engineering of a machine learning model and helps in uncovering sensitive data used in its training.

Pen Test Checklist for Web Applications

Published Wed, 25 Oct 2023 17:25:29 +0000
https://allabouttesting.org/pen-test-checklist-for-web-applications/

Penetration testing is not an easy task. A security engineer should be ready with all the tools and techniques to identify security flaws in an application.

This blog provides a penetration testing checklist for testing a web application for security flaws.

Preparation of Pen Test

  • Identify the scope – Endpoints, URLs, Number of Static and Dynamic pages
  • Ask the developer to create a staging environment similar to the production environment
  • Whitelist the IP addresses that the Pen Tester will use to attack the application

Type of Penetration Testing

  • Black Box – No support available from the developer side
  • Gray Box – Partial support available from the developer side
  • White Box – Full support available from the developer side

Documentation Required in case of Gray Box and White Box Penetration Testing

  • Design Document
  • User Manual Document
  • Access Control Document
  • Data Flow charts
  • Usernames and Passwords for different roles

Stages of Penetration Testing

As a Pen Tester, you should know the steps to test the web application for vulnerabilities. There are generally five steps to follow to perform penetration testing:

1. Reconnaissance of Target
2. Scanning of Web Application using Automated Scanner
3. Assessment of Identified Security Flaws
4. Try of Exploitation
5. Reporting of Results

1. Reconnaissance

Reconnaissance is the process of collecting all the technical information related to the target. Below is the information you should collect about the target.

  • Identify Web Server and Technologies – using the tool Wappalyzer
  • Search Engine Discovery Reconnaissance for Information Leakage – refer to the detailed blog on using search engines for hacking web applications
  • Identify Webserver Metafiles for Information Leakage
  • Enumerate Applications on Webserver
  • Review Webpage Content for Information Leakage
  • Identify Application Entry Points
  • Map Execution Paths Through Application
  • Fingerprint Web Application Framework
  • Map Application Architecture

Reconnaissance is further divided into Active Reconnaissance and Passive Reconnaissance.

2. Scanning of Web Application using Automated Scanner

As covering and reviewing the whole application for vulnerabilities is next to impossible, it is always recommended to scan the web application with an automated scanner such as BurpSuite, AppScan, NetSparker, etc.

3. Assessment of Identified Security Flaws

Once vulnerabilities have been discovered by the automated scanner, assessment of those security flaws should start. Generally, automated scanners report a lot of false positives. As a Pen Tester, you should be able to discard false positives at this stage.

Manual techniques also need to be applied to test business logic flaws in the web application. In addition, other manual techniques are used to identify vulnerabilities in web applications.

4. Try of Exploitation

In this step, the Pen Tester tries to exploit the identified vulnerabilities in the web application. This showcases the severity of the issues to the developers and other stakeholders.

5. Reporting of Results

This is a very important step, providing all details related to the identified security flaws.

Two types of report may be prepared for reporting of results:

  • A detailed report with all details of vulnerabilities and POCs, provided to the developer to resolve the issues.
  • A report for higher management that is concise without losing details of the vulnerabilities identified during the penetration testing.

The following PenTest checklist is recommended as per the OWASP Testing Guide to test the web application.

Configuration and Deployment Management Testing

  • Network Infrastructure Configuration
  • Application Platform Configuration
  • File Extensions Handling for Sensitive Information
  • Review Old Backup and Unreferenced Files for Sensitive Information
  • Infrastructure and Application Admin Interfaces
  • HTTP Methods
  • HTTP Strict Transport Security
  • RIA Cross Domain Policy
  • File Permission
  • Subdomain Takeover
  • Cloud Storage

Identity Management Testing

  • Role Definitions
  • Account Provisioning Process
  • Account Enumeration and Guessable User Account
  • Weak or Unenforced Username Policy

Authentication Testing

  • Credentials Transported over an Encrypted Channel
  • Default Credentials
  • Weak Lock Out Mechanism
  • Bypassing Authentication Schema
  • Vulnerable Remember Password
  • Browser Cache Weaknesses
  • Weak Password Policy
  • Weak Security Question Answer
  • Weak Password Change or Reset Functionalities
  • Weaker Authentication in Alternative Channel

Authorization Testing

  • Directory Traversal File Include
  • Bypassing Authorization Schema
  • Privilege Escalation
  • Insecure Direct Object References

Session Management Testing

  • Session Management Schema
  • Cookies Attributes
  • Session Fixation
  • Exposed Session Variables
  • Cross Site Request Forgery
  • Logout Functionality
  • Session Timeout
  • Session Puzzling
  • Session Hijacking

Input Validation Testing

  • Reflected Cross Site Scripting
  • Stored Cross Site Scripting
  • HTTP Verb Tampering
  • HTTP Parameter Pollution

  • SQL Injection
    • Oracle
    • MySQL
    • SQL Server
    • PostgreSQL
    • MS Access
    • NoSQL Injection
    • ORM Injection
    • Client-side
  • LDAP Injection
  • XML Injection
  • SSI Injection
  • XPath Injection
  • IMAP SMTP Injection
  • Code Injection
    • Local File Inclusion
    • Remote File Inclusion
  • Command Injection
  • Format String Injection
  • Incubated Vulnerability
  • HTTP Splitting Smuggling
  • HTTP Incoming Requests
  • Host Header Injection
  • Server-side Template Injection
  • Server-Side Request Forgery

Error Handling

  • Improper Error Handling
  • Stack Traces

Weak Cryptography

  • Weak Transport Layer Security
  • Padding Oracle
  • Sensitive Information Sent via Unencrypted Channels
  • Weak Encryption

Test for Business Logic

  • Business Logic Data Validation
  • Ability to Forge Requests
  • Test Integrity Checks
  • Process Timing
  • Number of Times a Function Can Be Used Limits
  • Circumvention of Work Flows
  • Defenses Against Application Misuse
  • Upload of Unexpected File Types
  • Upload of Malicious Files

Client-side Testing

  • DOM-Based Cross Site Scripting
  • JavaScript Execution
  • HTML Injection
  • Client-side URL Redirect
  • CSS Injection
  • Client-side Resource Manipulation
  • Cross Origin Resource Sharing
  • Cross Site Flashing
  • Clickjacking
  • WebSocket Testing
  • Web Messaging
  • Browser Storage
  • Cross Site Script Inclusion

API Testing

  • Testing of GraphQL

Top Cyber Security Tools for Beginners

Published Tue, 24 Oct 2023 07:20:45 +0000
https://allabouttesting.org/top-cyber-security-tools-for-beginners/

Cyber Security refers to a subject that takes care of the security of IT assets from bad people. It is essential for any organization to deploy different tools for different types of attacks.

For instance, networking tools are deployed at the premises to mitigate denial of service attacks. For the identification of any web vulnerability, different security scanning tools are available.

Types of Cyber Security Tools

Cyber Security is a broad term that covers everything related to securing IT assets from bad people. There are a lot of tools available to secure the data and IT infrastructure from attacks. We will discuss 4 types of cyber security tools in brief that are used for the protection of IT assets.

Further, you may refer to the Most Asked Cyber Security Interview Questions & Answers.

Application Security Tools

Most of the attacks are carried out by exploiting vulnerabilities available in the web application. Those vulnerabilities arise due to exploits available on the open web. Also, on a daily basis, tons of zero-day vulnerabilities are found in the world by security researchers and hackers.

It is not easy to find vulnerabilities by manual methods. There are a lot of tools available in the market to find vulnerabilities in the web application. Open-source tools are also available to find issues in web applications.

Network Security Tools

Network security tools cover most of the tools that help in securing IT infrastructure: network security monitoring tools, Network Intrusion Detection, Firewalls, Managed Detection Services, Security Information and Event Management (SIEM), Privileged Access Management (PAM), etc.

Antivirus Software

Antivirus software is the most used program to find malicious software on desktops, laptops, and servers. You have encountered many antivirus programs used to rid a system of malicious programs.

Vulnerability Assessment Tools

Any website deployed on the servers also has vulnerabilities. To identify those vulnerabilities in the operating system, virtualization software, firewalls, routers, etc, vulnerability assessment tools are required.

Both commercial and open-source tools are available to identify vulnerabilities in the IT assets.

Top Cyber Security Tools for Beginners

These tools are used by cyber security professionals to carry out different tasks to ensure Confidentiality, Integrity, and Availability of the system. Here, we will discuss some tools that are used by beginners in the field of cyber security.

BurpSuite

Burpsuite is the most popular tool for identifying web vulnerabilities. This tool has many features even in the community edition. This tool helps to enhance the pace of the testing process by providing an Intruder, Repeater, Sequencer, Decoder, and many more features.

The Burpsuite Pro version (commercial) has an automated application scanner that provides a list of vulnerabilities in the web application. Pro-exclusive BApp extensions may also be used to automate the process. Overall, Burpsuite is a must-use tool for beginners to hone their skills in cyber security.

OWASP ZAP

OWASP ZAP is an open-source web application scanning tool and has the capability to test the web application. This tool has most of the features available in Burpsuite. For a detailed comparison, you may refer to the blog Burpsuite vs OWASP ZAP.

Refer to How to download OWASP ZAP vulnerability scanner to install on your system.

Tenable Nessus

Tenable Nessus is a vulnerability scanner to identify issues of operating systems, devices, and applications. This tool is used by most security professionals to carry out Vulnerability Assessment (VA) activity.

More than 157,000 plugins are available that automatically update in real-time to find vulnerabilities in the IT infrastructure.

Security Auditors also use Nessus as 450 compliance and configuration templates are available. You can compare Nessus with another tool Nexpose by following the link.

NMap

NMap is the most popular port scanning tool to identify open ports in a network. This tool also reports common vulnerabilities present on the device.

Nikto

Nikto is a free application security scanner that reports basic vulnerabilities in web applications. The main advantage of Nikto is that it is very easy to use.

Complete List of AI Cyber Security Standards

Published Sat, 07 Oct 2023 11:37:14 +0000
https://allabouttesting.org/complete-list-of-ai-cyber-security-standards/

Artificial Intelligence (AI) is an emerging field that is being used both in defending IT assets and in attacking them.

The potential of AI is huge, and it is difficult to tackle the associated risks and threats in AI systems. Currently, a lot of work is in progress to define protocols and standards to understand AI systems.

For securing AI, it is essential to have mature standards to understand the behavior of AI and, at the same time, to assess the AI.

If you are interested in assessing an AI system, a checklist to audit AI/ML systems is available.

This blog lists cyber security standards related to AI that deal with the issues that arise because of AI.

ISO/IEC 27090

  • Currently in the under-development stage
  • Provide guidance to organizations on mitigating risk and threats in AI system
  • Provide guidance to understand issues that arise because of an AI system
  • Applicable for both Public and Private organizations, that are involved in the development or use of the AI system

ETSI Released documents for securing Artificial Intelligence (AI)

  • ETSI is the European Telecommunications Standards Institute, which provides standardization of information and communication technologies (ICT)
  • ETSI released a series of documents that provide insight into secure AI systems
  • Documents List:
    • Securing Artificial Intelligence (SAI); Problem Statement
    • Securing Artificial Intelligence (SAI); Mitigation Strategy Report
    • Securing Artificial Intelligence (SAI); Data Supply Chain Security
    • Securing Artificial Intelligence (SAI); AI Threat Ontology
    • Securing Artificial Intelligence (SAI); The role of hardware in the security of AI
    • Securing Artificial Intelligence (SAI); Artificial Intelligence Computing Platform Security Framework
    • Securing Artificial Intelligence (SAI); Proofs of Concepts Framework
    • Securing Artificial Intelligence (SAI); Explicability and transparency of AI processing
    • Securing Artificial Intelligence (SAI); Automated Manipulation of Multimedia Identity Representations
  • All documents are freely available

ENISA released a framework for cybersecurity practices of AI

  • European Union Agency for Cybersecurity (ENISA)
  • Released a framework for CyberSecurity Practices of AI
  • Freely available

ISO/IEC TR 27563

  • Published in 2023
  • Provide best practices for assessing the security and privacy of AI system
  • Provide security and privacy-related concerns, risks, controls, assurance, and plans
  • Need to pay to access this standard

ISO/IEC TR 24030

  • Published in 2021
  • Provides Use Cases of AI applications
  • Need to pay to access this standard

You may also refer to other cyber security standards to secure the IT assets that help in deploying AI systems.

Conclusion

Since AI and cybersecurity are dynamic fields, it’s essential to stay updated with the latest standards and best practices to ensure that your AI-based security solutions are both effective and compliant with industry and regulatory requirements.

Top 20 Cyber Security Companies

Published Thu, 28 Sep 2023 17:38:29 +0000
https://allabouttesting.org/top-20-cyber-security-companies/

Cyber Security is a trending field that helps to secure the critical assets of any country. Cybersecurity is a subject based on the principles of Confidentiality, Integrity, and Availability. This helps in securing digital assets globally.

Cyber Security Company

Cyber Security companies provide different services such as vulnerability research, application security, penetration testing, cloud security, blockchain security, AI/ML security, etc.

Cyber Security companies also provide different cybersecurity products such as firewalls, Antivirus, Vulnerability scanners, Penetration Testing solutions, Cloud Protection solutions, etc. to secure digital assets.

Top 20 Cyber Security Companies

Here is a list of the top 20 cyber security companies with details of their products and services. Please note companies are listed without specifying any particular sequence.

| Sr. No. | Company Name | Head Quarter | Products | Services |
|---|---|---|---|---|
| 1. | PortSwigger | Cheshire, UK | Burpsuite – both cloud and standalone product available | Application Security Testing, Penetration Testing, Bug Bounty Hunting, DevSecOps, Compliance (PCI DSS, HIPAA, NIST 800-53, OWASP Top 10, GDPR and many more) |
| 2. | Rapid7 | Boston, Massachusetts, United States | METASPLOIT, NEXPOSE, INSIGHTCLOUDSEC, INSIGHTCONNECT, INSIGHTAPPSEC and many more | Application Security Testing, Penetration Testing, IoT Security Testing, Security Advisory Services, Managed Detection and Response and many more |
| 3. | Cisco | San Jose, California, United States | Provide different solutions such as Secure Endpoint, Secure Firewall, SecureX platform, Security Cloud and many more to secure IT systems | |
| 4. | CrowdStrike | Austin, Texas, United States | Falcon Go, Falcon Pro, Falcon Enterprise, Falcon Elite, Cloud Security Platform, Threat Intelligence and Hunting and many more | Red Team and Blue Team Exercise, Penetration Testing, SOC Assessment, Managed Threat Hunting and many more |
| 5. | IBM | Armonk, New York | Cyber Security Solutions to secure Cloud, Network etc.; Product of Application Security | |
| 6. | Trend Micro | Tokyo, Japan | Security Solutions for Cloud, Network etc. | |
| 7. | HackerOne | San Francisco, California | Manage Vulnerability Disclosure Program; Pentest as a Service; Code Review | |
| 8. | Darktrace | Cambridge, United Kingdom | AI based Security Solutions to secure Cloud, Endpoint, Network and many more | |
| 9. | OneTrust | Atlanta, Georgia, United States | Trust Intelligence Cloud Solution | |
| 10. | Tenable | Columbia, Maryland, United States | Nessus, Cloud Solution, Vulnerability Management Solution, OT Security and many more | |
| 11. | Okta | San Francisco, California, United States | Cloud software for Identity and Access Management | |
| 12. | Quick Heal Technologies Ltd. | Pune, Maharashtra, India | Antivirus solutions for Desktops, PCs and Laptops | |
| 13. | RSA | Bedford, Massachusetts | SecurID – Governance & Lifecycle, Single Sign-On; ID Plus – Subscription Plans, DS100 Authenticator, RSA Mobile Lock, Governance & Lifecycle Cloud, Risk AI | |
| 14. | Fortinet | Sunnyvale, California, United States | Cloud and on-premises Network devices and solutions | |
| 15. | Sophos | Abingdon, United Kingdom | Firewall, Switches, Endpoint Solution, Mobile Solution, Encryption Solution and many more | Services related to compliance against NIS2 Directive, HIPAA, PCI DSS, GDPR, NIST SP800-171, ISO/IEC 27001:2022 and many more |
| 16. | F5 | Seattle, Washington, U.S. | Firewall, DNS Load Balancer, DDoS Protection, Solutions of Application Security, Zero Trust Architecture, Cloud security and many more | |
| 17. | Trellix | Milpitas, California, United States | XDR, Endpoint Security, SecOps and Analytics, Data Protection, Network Security, Threat Intelligence, Collaboration Security, Cloud Security and many more | Consulting on Security problems, Cyber Security Training, Risk & Compliance Services, Threat Intelligence Services, DevOps Services, SecOps Services, Incident Response Services and many more |
| 18. | RiskIQ | San Francisco, California | Solution of Threat Intelligence | |
| 19. | Symantec | Tempe, Arizona, United States | Cloud Solution of EndPoint Security, Network Security and many more; Endpoint Management Suite; Identity and Access Management | |
| 20. | Kaspersky Lab | Moscow, Russia | Solution of Anti-Virus, Anti-Malware, and Anti-Ransomware Protection to protect IT systems from malicious attacks | |

Frequently Asked Questions

Which is the best company for cyber security?

It is very difficult to name one company as the best cybersecurity company. However, you can name a few:

  • Cisco
  • Palo Alto
  • Kaspersky Lab
  • PortSwigger
  • HackerOne
  • Bugcrowd and many more

Which programming language is essential for cyber security?

Python

How to Identify Hardware Trojans: Methods for Detection

Published Mon, 18 Sep 2023 17:28:12 +0000
https://allabouttesting.org/how-to-identify-hardware-trojans-methods-for-detection/

If you work in the field of cyber security, you often hear the term ‘Hardware Trojan’, often abbreviated as ‘HT’.

A Hardware Trojan is any modification in the circuitry of an Integrated Circuit (IC) made with malicious intent. The modification that leads to a hardware trojan may be introduced during the design or fabrication phase.

As we know, the manufacturing process of ICs is fabless. The term “fabless” means the hardware is designed in one place or country and the actual silicon wafers or chips are manufactured in another place or country. So it is challenging to identify the real source of contamination.

Please understand that most of the techniques available to identify HTs are based on specific behaviors and attributes. Furthermore, if you employ an arbitrary method to detect trojans, the chances of failure are considerably higher. This blog provides you with a brief overview of methods of detection of hardware trojan or HT in the ICs.

Attributes of Hardware Trojans

  • Hardware Trojan is usually small in size
  • Generally passive as it triggers only after getting some specific input

Challenges in identification of Hardware Trojans

  • The size of HT is too small
  • Reverse engineering is very difficult, costly, and time-consuming
  • There is no guarantee that no HT will be present in the remaining circuit
  • HT is specifically constructed for stealth purposes.

Identify Hardware Trojans – Methods for Detection

Before starting on the methods to identify hardware trojans, remember one thing: “No method can identify the trojan with 100 percent accuracy”. This simply means no method can guarantee the identification of all Trojans in the IC. However, there are still some methods to identify Trojans.

Prevention Techniques to Identify Trojans During Design and Fabrication

  • Identify risks of Hardware Trojans introduced in the early phase of production
  • Review of design
  • Employ techniques for supply chain security during production
  • Employ innovative technologies to mitigate the risks of counterfeit products

Techniques to Identify Trojans After Fabrication

  • Destructive: Method – Optical; expensive and time-consuming
  • Non-Destructive: Methods – Run Time and Test Time; include side-channel analysis

Destructive method – It involves reverse engineering techniques to unfold the different layers of the IC with a powerful microscope, including the optical microscope, and then comparing the design and placement of the different gates with the original design. A golden design is required to identify the trojan in this method.

Non-Destructive Methods

Run Time – Analyze the behavior of the device while running and compare it with the ideal results to identify any discrepancy. It is recommended to use error detection methods to detect trojans in FPGA and system-on-chip (SoC).

Test Time – This method is based on the logic testing approach. Different test cases are used as input to identify any unusual behavior in the output.

Side Channel Analysis – One of the best methods to detect hardware trojans is analysis of the leakage of physical parameters during run time of ICs. Physical parameters such as acoustic, EMI/EMC, power, etc. are used to determine secret cryptographic keys.

The post How to Identify Hardware Trojans: Methods for Detection first appeared on All About Testing.

Quick Overview: Understanding Hardware Trojans
https://allabouttesting.org/quick-overview-hardware-trojan/
Fri, 21 Jul 2023 17:30:26 +0000

A Hardware Trojan (HT) is a tiny piece of malicious circuitry present on IT hardware. An example is circuitry that allows access to the hardware without proper authentication and authorization.

Physical and logical parameters, including particular temperatures and humidity, wireless signals, etc., may activate hardware Trojans.

Hardware Trojan circuitry is divided into two types:

  • Trigger circuit – activates the HT when certain physical or logical conditions are met, such as input signals, timing, or environmental factors. The trigger circuitry is responsible for activating the malicious functionality of the hardware Trojan.
  • Payload circuit – executes, after the HT is activated, an unintended function that is not mentioned in the specification. Payload circuitry can be designed to leak sensitive data, disable the device, or create vulnerabilities.

Purpose of Hardware Trojan

The primary purpose of a hardware trojan in an IC is to bypass security functionality in order to access the IT hardware or to leak information. An HT can disable or destroy the whole chipset on the hardware. The purposes of HTs encompass espionage by stealing data, sabotage by disrupting normal operations, data manipulation, creating backdoors for unauthorized access, counterfeiting, and DoS attacks.

HTs can compromise sensitive systems, intellectual property, and supply chains, posing grave security threats. Detection and prevention are crucial for preserving system trust and security.

Detection of Hardware Trojan

Test methods for the detection of Hardware Trojans are still under research. It is tough to identify an HT using traditional methods. Below are some of the ways available to locate an HT on IT hardware. Countermeasures include physical inspection, side-channel analysis, functional testing, and secure supply chain practices. Mitigating hardware Trojan risks is vital to safeguarding critical infrastructure, military systems, intellectual property, and data privacy. You may refer to the additional blog on Methods for Detection of Hardware Trojans.

Side Channel Analysis – Detecting hardware Trojans using side-channel analysis involves collecting unintended information leakage, such as power consumption, and then analyzing this data for anomalies. All IT hardware emits signals, including electrical, magnetic, acoustic, etc. These residual signals may be utilized to identify malicious circuitry on the IC. Statistical techniques and machine learning are often employed for pattern recognition. It’s a specialized and ongoing challenge in hardware security, requiring expertise and access to target hardware.

Physical Checking of IC – This method compares the circuit on the actual chip with the golden specification. Detecting hardware trojans this way is not easy. To identify hardware Trojans through physical inspection, examine a device’s physical components using microscopes, X-rays, CT scans, FIB analysis, electron microscopy, and reverse engineering. Look for irregularities, hidden components, or modifications, and compare with trusted references. Expert analysis is crucial, though some Trojans may remain undetected if highly sophisticated.

Built-in Tests – The tester inserts a small piece of additional circuitry to identify IT hardware access or extract sensitive information.

Functional Testing – This involves the analysis of input and output obtained on the chip. HT could be identified if there is a deviation from the actual design. Test patterns, signal analysis, fault injection, and stress testing are employed to detect anomalies or deviations from expected behavior. It complements other methods like physical inspection and is essential for robust hardware security assessment.
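Side-channel analysis against a golden reference, as described above, reduced to a statistical check in Python. This is an added example, not code from the original post: the power traces are constructed (a synthetic 200-sample current waveform with noise), and all names, the 1.5 margin and the z-limit of 4 are assumptions.

```python
import math
import random
import statistics

SAMPLES = 200                    # samples per power trace (constructed)
TROJAN_WINDOW = range(120, 160)  # constructed: samples where extra circuitry draws current


def make_trace(rng, trojan=False):
    """Constructed supply-current trace in mA: periodic activity plus noise."""
    offset = rng.gauss(0.0, 0.01)            # chip-to-chip process variation
    trace = []
    for i in range(SAMPLES):
        current = 10.0 + 2.0 * math.sin(2 * math.pi * i / 25) + offset
        current += rng.gauss(0.0, 0.05)      # measurement noise
        if trojan and i in TROJAN_WINDOW:
            current += 0.5                   # extra draw of the added circuitry
        trace.append(current)
    return trace


def build_reference(golden_traces):
    """Per-sample mean and standard deviation over traces from trusted chips."""
    columns = list(zip(*golden_traces))
    means = [statistics.fmean(c) for c in columns]
    stdevs = [max(statistics.stdev(c), 1e-9) for c in columns]
    return means, stdevs


def z_scores(trace, reference):
    """How many golden standard deviations each sample lies from the golden mean."""
    means, stdevs = reference
    return [(x - m) / s for x, m, s in zip(trace, means, stdevs)]


def anomaly_score(trace, reference):
    """Root-mean-square z-score of the whole trace."""
    z = z_scores(trace, reference)
    return math.sqrt(sum(v * v for v in z) / len(z))


def calibrate_threshold(golden_traces, margin=1.5):
    """Score every golden chip against the other golden chips (leave-one-out)
    and set the alarm level above the worst of them."""
    scores = []
    for i, trace in enumerate(golden_traces):
        others = golden_traces[:i] + golden_traces[i + 1:]
        scores.append(anomaly_score(trace, build_reference(others)))
    return margin * max(scores)


def examine_device(trace, golden_traces, z_limit=4.0):
    """Compare a device under test with the golden population."""
    reference = build_reference(golden_traces)
    score = anomaly_score(trace, reference)
    flagged = [i for i, v in enumerate(z_scores(trace, reference)) if abs(v) > z_limit]
    return {
        "score": score,
        "suspect": score > calibrate_threshold(golden_traces),
        "flagged_samples": flagged,   # where in time the deviation occurs
    }


# Constructed data set: 20 golden chips, one clean and one modified device.
_rng = random.Random(2023)
GOLDEN = [make_trace(_rng) for _ in range(20)]
CLEAN_DUT = make_trace(_rng)
TROJAN_DUT = make_trace(_rng, trojan=True)

if __name__ == "__main__":
    for name, dut in (("clean", CLEAN_DUT), ("trojan", TROJAN_DUT)):
        result = examine_device(dut, GOLDEN)
        print(name, round(result["score"], 2), result["suspect"],
              len(result["flagged_samples"]))
```

The check only sees circuitry that draws current during the measured window; a Trojan whose trigger never fires while the trace is captured, or whose draw is smaller than process variation, stays below the threshold.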

Conclusion

This blog provides a brief overview of Hardware Trojans. It explains their malicious purposes, including data theft and system sabotage, and highlights the methods of detecting and preventing these Trojans.

The post Quick Overview: Understanding Hardware Trojans first appeared on All About Testing.

OWASP Top 10 for Large Language Models (LLMs) Applications
https://allabouttesting.org/owasp-top-10-for-large-language-models-llms-applications/
Sat, 15 Jul 2023 17:07:08 +0000

OWASP released the OWASP Top 10 for Large Language Models (LLMs) Applications on 16th October, 2023. The version of this document is 0.6. The document was prepared by more than 500 researchers working in the field.

The primary purpose of creating the OWASP Top 10 for LLM applications is to mitigate security and safety issues in large implementations that utilize LLMs.

OWASP Top 10 for Large Language Models (LLMs) Applications

| ID | Vulnerability | Description |
| --- | --- | --- |
| LLM01 | Prompt Injections | This vulnerability allows attackers to inject crafted input into LLM applications, producing the results the attacker intends |
| LLM02 | Insecure Output Handling | This vulnerability arises when the LLM application accepts output without verifying whether it is malicious |
| LLM03 | Training Data Poisoning | This vulnerability allows the poisoning of data through malicious, tainted training data |
| LLM04 | Model Denial of Service | Here, the vulnerability arises because of security issues during the development of LLM applications |
| LLM05 | Supply Chain Vulnerabilities | Here, the vulnerability arises because of security issues during the development of LLM applications |
| LLM06 | Sensitive Information Disclosure | Sensitive information is revealed in responses provided by the LLM model |
| LLM07 | Insecure Plugins Design | Remote Code Execution because of untrusted inputs |
| LLM08 | Excessive Agency | This vulnerability arises due to providing excessive permissions in providing responses |
| LLM09 | Overreliance | The LLM application provides an output that may be invalid |
| LLM10 | Model Theft | Leakage of a proprietary LLM model |


LLM Application Data Flow

[Figure: high-level architecture for a hypothetical large language model application. Credit: OWASP]

Reference

OWASP Top 10 for Large Language Models (LLMs) Applications

The post OWASP Top 10 for Large Language Models (LLMs) Applications first appeared on All About Testing.

10 Tips to Secure SCADA Networks from Hackers
https://allabouttesting.org/10-tips-to-secure-scada-networks-from-hackers/
Mon, 10 Jul 2023 16:07:32 +0000

Supervisory control and data acquisition (SCADA) networks include desktops, big machines, laptops, network devices, sensors, etc. that perform key functions in large infrastructures such as power generation, power distribution, natural gas, gasoline, water management, and waste treatment plants. These are the critical infrastructures of any country. This post provides 10 tips to secure SCADA networks from hackers.

(1) Perform Risk Assessment to identify all SCADA components in the network

Risk assessment is essential to identify the components of the SCADA system. This activity gives you a complete picture of the different parts deployed in the system. In addition, it shows you the security posture of the SCADA system by letting you see the security measures employed in the network.

(2) Perform security measures to mitigate risks identified in Risk Assessment activity

After the successful completion of the Risk Assessment, the next activity is to take measures to mitigate the identified risks. Some of the measures include, but are not limited to:

  • Isolating unused components and devices in a network
  • Blocking unnecessary ports on the Internet
  • Removing/disabling unnecessary services/software deployed in a network
  • Hardening components and devices as per industry best practices

(3) Never trust proprietary protocols to secure systems

If your vendors are fully transparent in providing details of their security implementation, most of the issues vanish automatically. But in practice, most of them follow the principle of security by obscurity.

(4) Renew deployed components and devices once recommended by vendors

This is the major problem associated with SCADA systems. As the price of any component is on the higher side, management generally takes a long time to replace it. Another reason is the availability of compatible hardware in the market. Most of the old components deployed in a system have security issues such as backdoors, known vulnerabilities, etc. Hackers generally need only one or two vulnerabilities to enter the system.

(5) Implement a well-trained 24 X 7 Incident Response team

Implementing security measures is one part; incident response is another discipline that needs to be in place to secure things once the security team detects a breach. Preparing Standard Operating Procedures (SOPs) and implementing them is the critical aspect of a successful response to any cyber attack.

(6) Arrange Technical Security Audits of the SCADA system from an independent agency

Quality security auditing can find ninety percent of the security issues present in a network. It is recommended to conduct audits regularly, with the frequency based on the recommendations of security experts. These audits help organizations identify configuration issues in the SCADA network.

(7) Create internal Red teams having expertise in SCADA security to perform attacks just like Hackers

Create an internal SCADA Red team to simulate cyber attacks. This activity allows management to see how effective the security posture of the entire SCADA system is. If an in-house Red team is not available, an organization may hire an external agency to do the activity.

(8) Create Disaster Recovery and System Backup Plan

In case of an actual cyber attack, a disaster recovery plan is the savior of the situation. To create an effective disaster recovery plan, organize regular drills and identify the gaps found in each exercise. Those gaps provide an opportunity to implement more measures to fill them.

In addition, a system backup plan is essential to mitigate the risk of the system failing for any reason. Ensure the system backup plan is effective against any mishap.

(9) Implement Hardware and Software Configuration Management Plan

Managing the SCADA system is not easy. If an effective configuration management plan is not in place, it is almost impossible to identify changes in the hardware and software deployed in a network. Hence, it is essential to keep a proper log of the hardware and software deployed in a SCADA network. This small measure helps in identifying changes across the whole SCADA system easily.

(10) Approval of Security Processes from Higher Management

Remember to get approvals from higher management for all the processes you follow to secure the SCADA system. The more you are informed about the risks associated with the SCADA system, the more easily you get approvals for any measure to improve the cyber security posture of the whole system.

The post 10 Tips to Secure SCADA Networks from Hackers first appeared on All About Testing.

Quick Overview: Hardware Security Vulnerabilities
https://allabouttesting.org/quick-overview-hardware-security-vulnerabilities/
Sun, 02 Jul 2023 07:36:46 +0000

The community working in the field of hardware security has listed the most commonly found vulnerabilities in hardware. Individuals involved in the community are from academia, industry, and government agencies. The main reason for publishing the vulnerabilities is to enhance awareness among professionals working in hardware design, manufacturing, research, and security.

The 2021 CWE Most Important Hardware Vulnerabilities

CWE-1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC)

This weakness may arise if shared resources on an SoC are not isolated properly. As the number of pins is limited, pins may be configured for multiple tasks. Hence, untrusted agents may sometimes have access to resources that should be accessible only to trusted agents.

This vulnerability can be detected using dynamic analysis by verifying the mapping of each system resource (e.g. control register) to trusted and untrusted agents.

CWE-1191 On-Chip Debug and Test Interface With Improper Access Control

This vulnerability allows attackers to access the internals of the device through enabled test interfaces such as JTAG. If proper authentication is not enabled or the test interface is not disabled, an attacker may use a hardware hacking tool (e.g. JTAGulator) to access those interfaces and extract sensitive information, including firmware.

Sometimes developers choose to hide debug and test interfaces, following the principle of security by obscurity. Hiding on-chip debug and test interfaces is not a recommended way to achieve security.

CWE-1231 Improper Prevention of Lock Bit Modification

A lock bit is used to restrict access to addresses, registers, etc., but if the methods used for protection are not effective, an attacker may unlock the bit.

CWE-1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection

CWE-1240 Use of a Cryptographic Primitive with a Risky Implementation

This vulnerability arises when developers use home-developed cryptographic implementations in the device. It is recommended to use a well-tested cryptographic implementation, such as a FIPS-validated one.

CWE-1244 Internal Asset Exposed to Unsafe Debug Access Level or State

CWE-1256 Improper Restriction of Software Interfaces to Hardware Features

This type of vulnerability arises when a change in software configuration results in changes to hardware memory or register bits, or in the emission of side channels.

CWE-1260 Improper Handling of Overlap Between Protected Memory Ranges

CWE-1272 Sensitive Information Uncleared Before Debug/Power State Transition

CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code

CWE-1277 Firmware Not Updateable

Sometimes firmware is not updatable for fixing operational and security issues. This type of vulnerability exposes customers permanently until that device is removed from the system.

CWE-1300 Improper Protection of Physical Side Channels

Physical side channel attacks are used to break cryptographic implementations in hardware devices. This type of attack takes advantage of the residual emission of energy in the form of electromagnetic emission, acoustics, and power.

Reference

https://cwe.mitre.org/data/definitions/1343.html

The post Quick Overview: Hardware Security Vulnerabilities first appeared on All About Testing.

Quick Review – Code Review Tool Checkmarx SAST
https://allabouttesting.org/quick-review-code-review-tool-checkmarx-sast/
Wed, 31 May 2023 16:54:27 +0000

Code Review is an essential component of the security of any IT product. Whichever phase of the software development life cycle you perform code review in, Checkmarx Static Application Security Testing (SAST) is a great tool to minimize security issues in the whole IT product.

As supply chain attacks are on the rise, Checkmarx provides an in-depth report of security issues. You may refer to learn more about code review and what tools can be used for the activity. Also, it is recommended to go through the 50-Point Checklist for Secure Code Review.

This blog provides a quick review of the Checkmarx SAST tool to help you assess its capabilities, along with its advantages and disadvantages.

Advantages

  • This tool is very effective in improving the security of applications. It also helps in securing the internal development process
  • Able to secure open-source code
  • Technical support for resolving issues is awesome
  • The report format provides details of issues
  • Integration with CI/CD tools available
  • Easy to use
  • Fewer false positives

Trial Available

The Checkmarx SAST tool is available for trial by requesting a demo on the official website. You need to provide a business email when making the request.

The post Quick Review – Code Review Tool Checkmarx SAST first appeared on All About Testing.

Quick Overview: File Upload Vulnerabilities
https://allabouttesting.org/quick-overview-file-upload-vulnerabilities/
Sun, 28 May 2023 16:02:54 +0000

File upload vulnerabilities are the most common vulnerability found in web applications. This blog provides a guide to understanding file upload vulnerabilities, including an introduction to the vulnerability, how to test for it, and prevention methods. It also recommends using PortSwigger Academy to learn about upload vulnerabilities.

Brief Overview of file upload vulnerabilities

File upload vulnerabilities arise in web applications that let users upload files (e.g. photos, resumes, mark sheets, videos, etc.). If the web server does not validate the type of file being uploaded, there is a high chance of file upload vulnerabilities.

How to test file upload vulnerabilities

File upload vulnerabilities may be identified by using the following steps:

  1. Identify functionality in the web application where the user provides external files. For instance, on the Update Profile webpage, a photo of the user needs to be uploaded.
  2. Upload a file that is allowed by the web application. Note which types of files are allowed to be uploaded.
  3. Now, try to find a way to upload files not allowed by the web application. There are several test methods available to bypass upload restrictions on web applications.
  4. If a way is found, try to execute those files and gain access to the back-end system.

Risks of file upload vulnerabilities

Upload vulnerabilities are lethal for web applications and may compromise the whole back-end server.

Prevention of file upload vulnerabilities

There is enough literature available on mitigating file upload vulnerabilities. Here, I am listing the prevention techniques.

  1. Allow uploads only of the extensions that are needed for functionality
  2. Check the file type by using different libraries, as the Content-Type header may be spoofed
  3. Ensure a limit on the size of the file
  4. Authenticate the user before allowing uploads to the web application
  5. Web applications must use programs to sanitize uploaded files that may be malicious
  6. Ensure the filename is changed after the file is uploaded to the web application
  7. Use a whitelist of file types for file upload rather than a blacklist
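The prevention list above, sketched as one server-side check in Python. This is an added example, not code from the original post: the names validate_upload, ALLOWED_TYPES and MAX_UPLOAD_BYTES, the 2 MiB limit and the sample byte strings are assumptions, and sanitizing file contents (item 5) is outside what it shows.

```python
import os
import secrets

# Item 7: allow-list. Extension -> byte prefixes a real file of that type starts with.
ALLOWED_TYPES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".pdf": (b"%PDF-",),
}
MAX_UPLOAD_BYTES = 2 * 1024 * 1024  # assumed limit for a profile photo or resume


class UploadRejected(Exception):
    """Raised with a reason when an upload fails a check."""


def validate_upload(filename, declared_content_type, data, authenticated):
    """Return a safe server-side filename or raise UploadRejected.

    declared_content_type is accepted but deliberately ignored: it is sent
    by the client and can be spoofed (item 2).
    """
    if not authenticated:                                  # item 4
        raise UploadRejected("authentication required")
    if len(data) == 0 or len(data) > MAX_UPLOAD_BYTES:     # item 3
        raise UploadRejected("size outside allowed range")
    if "\x00" in filename:
        raise UploadRejected("null byte in filename")
    # Items 1 and 7: only the final extension counts, compared case-insensitively.
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected("extension not on allow-list: %r" % ext)
    # Item 2: the content itself must look like the claimed type.
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match extension %s" % ext)
    # Item 6: the client-chosen name never reaches the filesystem.
    return secrets.token_hex(16) + ext


def verdict(filename, declared_content_type, data, authenticated=True):
    """Demo helper: 'accepted' or the rejection reason; never raises."""
    try:
        validate_upload(filename, declared_content_type, data, authenticated)
        return "accepted"
    except UploadRejected as exc:
        return str(exc)


# Constructed sample inputs.
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
SCRIPT_BYTES = b"<?php /* constructed sample, not an image */ ?>"

if __name__ == "__main__":
    cases = [
        ("avatar.PNG", "image/png", PNG_BYTES),
        ("page.php", "image/png", SCRIPT_BYTES),      # spoofed Content-Type
        ("page.php.png", "image/png", SCRIPT_BYTES),  # double extension
        ("README", "image/png", PNG_BYTES),           # no extension
    ]
    for name, ctype, body in cases:
        print(name, "->", verdict(name, ctype, body))
```

A matching prefix shows only that the file starts like the claimed type; files that are valid in two formats at once still need the sanitizing step and storage outside any directory the server executes from.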

The post Quick Overview: File Upload Vulnerabilities first appeared on All About Testing.

Quick Overview: Booting Process of Windows
https://allabouttesting.org/quick-overview-booting-process-of-windows/
Wed, 26 Apr 2023 16:37:38 +0000

Booting is the process of starting a computer system. Restarting a computer system also initiates a booting process, so both starting and restarting Windows are called booting. During booting, the operating system that resides on the hard disk is loaded into working memory, i.e. RAM. Booting is a critical process of any OS. This blog provides a brief overview of the booting process of Windows-based systems.

Types of Booting

(1) Hard Boot or Cold Boot

Hard Boot simply means starting a computer system from the switched-off state. Generally, you start a day in your office by switching on the computer system with the power button. That is called a hard boot or cold boot.

(2) Soft Boot or Warm Boot

Soft Boot simply means restarting a computer system that is already switched on. While working on the computer system, you sometimes restart it because of updates or for some other reason. That restart is a soft boot or warm boot.

Windows System Files

Windows OS needs many files to run properly. Some are critical: if those files are missing, Windows does not boot up. Others are less essential, as their absence does not affect the running of the operating system.

Generally, attackers try to corrupt system files to compromise the computer system. Hence, it is critical to prevent malicious software from compromising the OS. Below is the list of files that are required while running the OS.

| File Name | Description |
| --- | --- |
| Win32k.sys | System file that is used for handling Windows applications |
| Ntdll.dll | Part of the advanced API services library |
| Hal.dll | Hardware Abstraction Layer Dynamic-link Library |
| Ntkrnlpa.exe | New Technology Kernel Process Allocator |
| Ntoskrnl.exe | Used for memory management and hardware abstraction |
| User32.dll | Helps in manipulating the user interface |
| Advapi32.dll | Part of the advanced API services library |
| Kernel32.dll | Part of the advanced API services library |
| Gdi32.dll | Helps in operating Windows programs |

Windows Boot Process

Windows 8 and above operating systems use the BIOS-MBR method or the UEFI-GPT method. Please remember that UEFI-GPT is the newer method, and the selection of the method depends on the choice of the user. The BIOS-MBR method is also used by older Windows operating systems such as Windows XP, Vista, and Windows 7.

BIOS-MBR

  1. The first step is to load the BIOS by hitting the power button. BIOS will check prerequisites such as whether the hardware is connected, and in a running state.
  2. MBR starts.
  3. The Volume Boot Sector (VBS) takes care of the operating system.
  4. NT Boot Sector starts.
  5. BOOTMGR.EXE starts. It checks Boot Configuration Data (BCD) and WINRESUME.EXE
  6. WINLOAD.EXE starts loading the operating system kernel.
  7. NTOSKRNL.EXE initiates to check HAL.DLL.
  8. Phase 0 starts with NTOSKRNL.EXE.
  9. Phase 1 starts with NTOSKRNL.EXE.
  10. SMSS.EXE starts.
  11. WINLOGON.EXE
  12. LSASS.EXE

To check which boot method your desktop uses, follow the navigation below:

  1. Open “Computer Management” with Administrator privilege
  2. Click on Disk Management
  3. Right-click on Disk 0 and select properties

The post Quick Overview: Booting Process of Windows first appeared on All About Testing.
