Empowering Security Teams
Fuzz Testing for Embedded Device Security Assurance (EDSA)
ISASecure EDSA Certification
Communication/Network Robustness Testing (CRT)
• “CRT examines the capability of the device to adequately maintain essential functions while being subjected to normal and erroneous network protocol traffic at normal to extremely high traffic rates (flood conditions).” (ISASecure.org)
• ANSI and IEEE have defined robustness as the degree to which a system or component can function correctly in the presence of invalid inputs or stressful environmental conditions. (Wikipedia)
FUZZING: RANDOM TESTING, BLACK BOX TESTING
The standard definition of Fuzzing (according to the Standard Glossary of Software Engineering Terminology, IEEE) is
“The degree to which a system or component can function correctly in the presence of invalid inputs or stressful environmental conditions.”
Fuzzing: trigger system errors and faults by sending invalid data intentionally
• The best way to find “zero day vulnerabilities”
• Many global companies use fuzzing as part of the development process
• Microsoft Security Development Lifecycle (SDL)
For programmers: inputs are the triggers for outputs (INPUT → LOGIC → OUTPUT).
For attackers: inputs trigger possible problems (INPUT → LOGIC → Unhandled (Unexpected) → Unexpected Consequence (Possible Vulnerability)).
“Unexpected input causes unexpected results.” (Michael Sutton)
[Diagram: all the input space versus Code/Spec; unit tests and QA give only partial Test Coverage, and the remaining input space is marked Vulnerable]
Smart and Dumb Fuzzing
• Dumb fuzzers
• have no built-in intelligence about the program being fuzzed
• generate completely random input
Smart fuzzers like beSTORM
• have knowledge of the input format (e.g. a protocol definition or rules for a file format)
• generate mostly valid input and only fuzz parts of the input within that known format
beSTORM MAIN COMPONENTS: beSTORM Client and Monitor module
Protocol test coverage: beSTORM generates comprehensive test cases to cover the entire protocol
• Crawls through the entire protocol tree (beSTORM combinatorially goes through all possible test cases)
• With comprehensive test coverage, beSTORM detects all vulnerabilities
Monitoring for Possible Vulnerabilities
• A powerful monitor detects if even the slightest buffer overflow, format string, or memory exception occurs
• Runs automatically until all test scenarios are exhausted, trying the most probable combinations first
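An added example, written for this page and not beSTORM's or Beyond Security's code, that ties together the smart-versus-dumb distinction, the field-by-field protocol walk and the monitor described above: a constructed, deliberately fragile ARP parser stands in for the device under test, a dumb fuzzer emits random bytes, a generation fuzzer sets one ARP header field at a time to a boundary value while the rest stays valid, and a monitor stand-in records every unhandled exception. ARP is used because the deck's walkthrough targets it; all frames, addresses and the parser itself are constructed for the example.

```python
import random
import struct

# ARP payload (RFC 826): htype(2) ptype(2) hlen(1) plen(1) oper(2), then sender and
# target hardware/protocol addresses whose sizes are given by hlen and plen.
ARP_HEADER = struct.Struct("!HHBBH")
BASE = {"htype": 1, "ptype": 0x0800, "hlen": 6, "plen": 4, "oper": 1}
ADDRS = b"\x02" * 6 + bytes([192, 168, 0, 1]) + b"\x00" * 6 + bytes([192, 168, 0, 2])  # constructed

def build_arp(overrides, body=ADDRS):
    """Assemble an ARP payload whose header is valid except for the overridden fields."""
    f = {**BASE, **overrides}
    return ARP_HEADER.pack(f["htype"], f["ptype"], f["hlen"], f["plen"], f["oper"]) + body

def fragile_parse(frame):
    """Constructed system under test: trusts hlen/plen when slicing the addresses."""
    htype, ptype, hlen, plen, oper = ARP_HEADER.unpack_from(frame)
    if htype != 1 or ptype != 0x0800 or oper not in (1, 2):
        raise ValueError("unsupported")  # the device's own clean rejection path
    off = ARP_HEADER.size
    sha, off = frame[off:off + hlen], off + hlen
    spa = struct.unpack("!I", frame[off:off + plen])[0]  # silently assumes plen == 4
    return sha, spa

def dumb_cases(n, seed=1):
    """Dumb fuzzing: random bytes with no knowledge of the ARP layout."""
    rng = random.Random(seed)
    return [("random", bytes(rng.randrange(256) for _ in range(rng.randint(8, 64)))) for _ in range(n)]

def smart_cases():
    """Generation fuzzing: one header field at a boundary value, every other field valid."""
    cases = [("baseline", build_arp({}))]
    for field in ("htype", "ptype", "hlen", "plen", "oper"):
        width = 1 if field in ("hlen", "plen") else 2
        for value in (0, 1, 2, 2 ** (8 * width) - 1):
            cases.append((f"{field}={value}", build_arp({field: value})))
    for cut in (0, 6, 10, 16):  # address block truncated mid-field
        cases.append((f"body[:{cut}]", build_arp({}, ADDRS[:cut])))
    return cases

def run_campaign(cases):
    """Monitor stand-in: list the cases that made the target raise anything other
    than its own clean rejection, the way a crash monitor flags a real device."""
    faults = []
    for label, frame in cases:
        try:
            fragile_parse(frame)
        except ValueError:
            continue
        except Exception as exc:
            faults.append((label, type(exc).__name__))
    return faults
```

The random cases almost never pass the header check and so never reach the address slicing, while the generation cases trigger the struct.error within a handful of tries, which is the coverage argument the slides make; a robust device parser validates hlen and plen against the frame length before slicing.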
Other forms of Monitor – Waveform Monitor
beSTORM main features
• Export a “Proof of Concept” Perl script
• Recreate the vulnerabilities without needing beSTORM
• Perl script is platform independent
ISCI EDSA ARP Testing Specs
EDSA ARP Fuzzing Project Walkthru
Select ARP fuzzing
ARP Fuzz Testing Configuration
Select EDSA ARP Test Requirements
Select Built-in Monitor & Start
ARP Load Testing Completed
beSTORM REPORTING: detailed result report
Generation Fuzzer: Working with 61850 MMS Protocol
Snippets of 61850 MMS Scripts
beSTORM USE CASES
• Critical Infrastructure: certified by the ISA Security Compliance Institute (ISCI) as an approved ‘CRT Test Tool’ for use in the ISASecure EDSAv1 and EDSAv2
• Automotive: beSTORM is used in the automotive industry for the new driverless security testing. Supports CANBus, CAN-FD, UDS, DoCAN, the new generation of automotive head-end units and all types of ECUs
• Product Development and Lab Certification: Beyond Security is a member of the Microsoft SDL Pro Network, specializes in application security and has substantial experience and expertise with the methodology and technologies of the SDL
LOCATE FAULTS AND SECURITY VULNERABILITIES
Using Fuzzing method to detect zero day vulnerabilities before they are publicly discovered.
FULL TOOL SUITE
• 2nd generation fuzz engine
• Self-learning module and proprietary software testing
• System Under Test monitoring engines
• Auto generation of proof of concept attacks
• Easy to customize
TEST ANY TARGET
• Servers
• Clients
• Applications/Software
• Hardware
• API
• DLL
• Libraries
• PLC
FIND 0 DAYS WITH beSTORM
BeSTORM ADVANTAGES
• Provides the highest control and transparency for your testing of any tool in the market
• beSTORM, real fuzzing, and protocol description, field by field. No test cases, real fuzzing!
• The monitor, attached like a debugger, tells beSTORM there’s an exception and exactly where and when the problem is found (step back and forth). Then export and exploit via Python. Engineering can then test offline
• Monitor whether the application is answering an ICMP ping; there’s also a process monitor, providing detailed additional DUT information.
• Monitor via API, and when there’s a failure beSTORM can notify you via email
• beSTORM consolidated reports show:
  • exactly what problems were found
  • everything that was tested and why
  • all settings and tests that were done – great for testing certification
• Adjust your speed: adjust how many sessions/sec
  • lower speed for slow devices
  • increase speed for time constraints
  • prioritize the parts of your protocols you want tested first
  • change testing granularity
• Proprietary protocols, smart and intuitive Self-Learning. Add your own protocols
KNOW THAT YOU’RE SAFE
Thank you!