Page 107 - SOFTWARE TESTING & QUALITY ASSURANCE

P. 107

Software Testing and Quality Assurance

Rate the Threats
This is the last stage of the process. The threats are rated using simple high, medium, or low ratings.
This rating is based on the risk value which is calculated using the following simple formula:
Risk= Probability * Damage Potential

where,
(a) Probability represents the probability of occurrence of the threat. This is rated using the
scale of 1 to 10, where 1 indicates a threat that is very rare to occur and 10 indicates a
common and definite threat.

(b) Damage Potential represents the damage caused by the threat. This is also rated using the
scale of 1 to 10 where 1 represents minimal damage and 10 represents a catastrophe to the
system.
If Probability = 5 and Damage Potential = 3 then Risk = 15.
Similarly, if Probability = 7 and Damage Potential = 3 then Risk = 21.
Based on the risk value calculation, the threat rating high, medium, or low is given to the threat.
Finally, a detailed documentation of the security aspects of the system that lists and rates all possible
threats is prepared. This helps the development team to focus and resolve the detected threats.
The process of threat modeling is not only carried out by a tester but it is done by

the project manager because this model demands the involvement of all the
members associated with the software development such as project manager,

developer, tester, technical writer, and so on.

7.2.2 Buffer Overrun
Buffer overrun is one of the most common security problems today. Buffer is a memory area shared by
microprocessors and other hardware devices. Buffer overrun is caused by buffer overflow. Buffer
overflow occurs when the value saved in the buffer exceeds the size of the buffer memory. The excess
memory values either overwrite the existing buffer memory or other buffer memory. Such buffer
overruns might crash the system.
Software developed using programming languages such as C and C++ have
no built-in protection against accessing or overwriting data during buffer
overruns. This is because there are no inbuilt functions to check whether or
not the data written to an array is within the defined boundary limits of the
array.
Bugs are caused when excess data is saved in a limited buffer memory. This will overwrite the adjacent
stack or memory of the buffer and will often cause the program to behave incorrectly or crash. This not
only affects the execution of the program, but also throws serious security vulnerability.

A hacker can overrun the buffer of the running program by supplying un-
trusted data and can corrupt the stack. Later the hacker could overwrite the
buffer with an un-trusted executable code and thereby can take control of the
system.

Did you know? In 1997, the Carnegie Mellon University issued 28 advisories related to security
vulnerabilities. Out of these 28, 15 were related to buffer overrun vulnerabilities
identified in commonly used programs and facilities in UNIX systems.
7.2.3 Safe String Functions
Safe string functions are functions that are used to overcome buffer overruns in software programs.
Poor handling of buffers causes a buffer overrun and leads to many system security problems. Such
poor handling is related to string manipulation operations. The safe string functions perform extra

100 LOVELY PROFESSIONAL UNIVERSITY

102 103 104 105 106 107 108 109 110 111 112