The goal in testing ActiveX controls is to make sure that Web sites other than the one the control was written for can't use the control in a malicious manner on the target machine. Refer to Chapter 18.
Sample Test Cases

| Test Case | Description |
|---|---|
| Check for safe for scripting and safe for initialization | COM objects that are marked safe for scripting and safe for initialization can potentially be repurposed by a malicious Web site. Check both the registry component categories and whether the control reports itself safe through IObjectSafety; a control can claim safety through either. |
| Check if SiteLock is implemented | If the ActiveX control uses SiteLock, try to bypass it using URL encoding tricks, IP obfuscation, the allowed domain placed in the user info, path, or query of an attacker's URL, etc. |
| Identify how each method can be abused or repurposed | See if methods can do things beyond what was intended. For example, accessing a file on a network share, making HTTP requests, performing local file operations, etc. |
| Use error handling | By wrapping method calls in script error handling (try/catch) and inspecting the error text returned to the page, you can look for information disclosure bugs such as leaked local paths. |
| Find unsafe nested objects | By accessing unsafe objects through your control, you can do whatever is unsafe in those objects. |
| Check DllCanUnloadNow reference counting | If reference counting is wrong and the DLL can be unloaded while objects are still live, the browser keeps pointers into freed code, and arbitrary code can be run. |
| Look for spoofing issues | Often, to mitigate security concerns, dialog boxes are displayed; check whether the calling page can control what they show (file names, URLs, button text) so the user is fooled. |
| Look for overflows | Test each persistent property, method, and event parameter for overruns. |
| Test that the control doesn't bypass browser security | The browser includes a lot of security around pop-ups, cross-domain access, and so forth; make sure your control doesn't make that security useless. |
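Two of the test cases above lend themselves to a small triage script: finding which registered controls are marked safe for scripting or safe for initialization (and are not kill-bitted, so a page can still load them), and generating the URL variants you feed to a SiteLock check. The example below is added here and is not code from the book or from any control vendor. The CLSIDs, the `.reg` export text, the host names and the `naive_sitelock` check are constructed for the example; the two CATIDs and the kill-bit value 0x400 in `Compatibility Flags` are the real Windows values.

```python
"""Added triage helpers for two of the test cases above: the static safe-for-scripting /
safe-for-initialization registry check and a SiteLock probe list (constructed data)."""
import re
from urllib.parse import urlsplit

# Component category IDs (CATIDs) that mark a control safe for scripting / initialization.
CATID_SAFE_FOR_SCRIPTING = "{7DD95801-9882-11CF-9FA9-00AA006C42C4}"
CATID_SAFE_FOR_INIT = "{7DD95802-9882-11CF-9FA9-00AA006C42C4}"
KILL_BIT = 0x400  # "Compatibility Flags" bit that stops IE from loading the control

# Constructed .reg export with hypothetical CLSIDs; in practice use the output of
# `reg export HKCR\CLSID` plus the "ActiveX Compatibility" key.
SAMPLE_REG = r"""[HKEY_CLASSES_ROOT\CLSID\{11111111-0000-0000-0000-000000000001}]

[HKEY_CLASSES_ROOT\CLSID\{11111111-0000-0000-0000-000000000001}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{11111111-0000-0000-0000-000000000001}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{22222222-0000-0000-0000-000000000002}]

[HKEY_CLASSES_ROOT\CLSID\{22222222-0000-0000-0000-000000000002}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000400
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_reg(reg_text):
    """Return {key_path: {value_name: raw_value}} from a .reg export."""
    keys, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
        elif current and "=" in line:
            name, _, value = line.partition("=")
            keys[current][name.strip('"')] = value
    return keys


def marked_safe_controls(reg_text):
    """CLSID -> {safe_for_scripting, safe_for_init, kill_bit} for every control
    carrying at least one of the two safety categories."""
    result = {}
    for path, values in parse_reg(reg_text).items():
        guids = [g.upper() for g in GUID_RE.findall(path)]
        if not guids:
            continue
        e = result.setdefault(guids[0], {"safe_for_scripting": False,
                                         "safe_for_init": False, "kill_bit": False})
        if len(guids) == 2 and "\\Implemented Categories\\" in path:
            e["safe_for_scripting"] |= guids[1] == CATID_SAFE_FOR_SCRIPTING
            e["safe_for_init"] |= guids[1] == CATID_SAFE_FOR_INIT
        elif "ActiveX Compatibility" in path:
            flags = int(values.get("Compatibility Flags", "dword:0").split(":")[1], 16)
            e["kill_bit"] = bool(flags & KILL_BIT)
    return {c: e for c, e in result.items() if e["safe_for_scripting"] or e["safe_for_init"]}


def repurposing_candidates(reg_text):
    """Controls a hostile page can still drive: marked safe and not kill-bitted."""
    return sorted(c for c, e in marked_safe_controls(reg_text).items() if not e["kill_bit"])


def strict_sitelock(url, allowed_domain):
    """Reference check: the URL's host must be the allowed domain or a subdomain of it."""
    host = urlsplit(url).hostname or ""
    return host == allowed_domain or host.endswith("." + allowed_domain)


def naive_sitelock(url, allowed_domain):
    """Hypothetical weak check: substring match on the whole URL."""
    return allowed_domain in url.lower()


def sitelock_probe_urls(allowed_domain, attacker_host):
    """URL variants to feed a SiteLock check, each with the verdict a correct check gives."""
    a, h = allowed_domain, attacker_host
    return [
        (f"https://{a}/", True),
        (f"https://cdn.{a}/page.html", True),
        (f"https://{a}.{h}/", False),                # allowed domain as a leading label
        (f"https://x{a}/", False),                   # "xexample.com"
        (f"https://{a}@{h}/", False),                # allowed domain as user info
        (f"https://{h}/{a}/", False),                # allowed domain in the path
        (f"https://{h}/?next=https://{a}/", False),  # allowed domain in the query
    ]


def sitelock_bypasses(check, allowed_domain, attacker_host="attacker.example"):
    """URLs that `check` accepts although a correct check rejects them."""
    return [u for u, ok in sitelock_probe_urls(allowed_domain, attacker_host)
            if not ok and check(u, allowed_domain)]
```

The registry pass is only the static half of the first test case: a control that answers IObjectSafety at run time can report itself safe without either category key, so the candidates list is a starting point, and each control still has to be instantiated from a page on a foreign domain to confirm. The probe list is likewise a seed; the control's own URL parsing, not Python's, is what you are testing, so the same variants should be replayed through a real page and the control's behaviour recorded for each.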