Testing Tips

Although denial of service bugs can be difficult to find, the following testing tips can provide ideas to help you find vulnerabilities:

  • Try sending lots of data to a feature, starting with a reasonable amount and gradually increasing the amount of data over time to see how the system reacts.

  • Try repeating the same action over and over while looking at CPU utilization and memory consumption to try to detect any resource leaks.

  • Change expected data types for an application if possible. For instance, if an application is expecting a numerical value, use alphabetic characters instead.

  • Look for characters that are filtered, and provide input that contains many of the characters that are filtered out.

  • Try using DOS device names wherever file paths can be specified to see if you can get the application to hang.

  • Use fuzzing techniques to try to reach different error cases in the application.

  • Leave connections made to the server open, without ever closing them, to see whether the server stops accepting new connections.

  • Try to exercise all error code paths to see whether any resources aren't released.
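
The repeat-the-action tip and the error-code-path tip combine naturally into a small leak harness for code you own; the following is an added example, not code from the book. The names `open_fds`, `measure`, `parse_leaky` and `parse_fixed` are hypothetical, the two input files are constructed samples, and descriptor counting by probing with `os.fstat` is an assumption that suits POSIX systems.

```python
import contextlib
import os
import tempfile
import tracemalloc

def open_fds(limit=4096):
    """Count open descriptors in this process by probing each number."""
    count = 0
    for fd in range(limit):
        with contextlib.suppress(OSError):
            os.fstat(fd)
            count += 1
    return count

def measure(action, arg, rounds=100):
    """Repeat action(arg); return (descriptor growth, traced-byte growth)."""
    def call():
        with contextlib.suppress(Exception):  # error paths are the point
            action(arg)
    call()  # warm-up so one-time allocations are not reported as a leak
    tracemalloc.start()
    fds0, mem0 = open_fds(), tracemalloc.get_traced_memory()[0]
    for _ in range(rounds):
        call()
    growth = (open_fds() - fds0, tracemalloc.get_traced_memory()[0] - mem0)
    tracemalloc.stop()
    return growth

def parse_leaky(path):  # constructed target: error path skips os.close()
    fd = os.open(path, os.O_RDONLY)
    value = int(os.read(fd, 64))  # ValueError when the data is not numeric
    os.close(fd)
    return value

def parse_fixed(path):  # same logic, descriptor released on every path
    fd = os.open(path, os.O_RDONLY)
    try:
        return int(os.read(fd, 64))
    finally:
        os.close(fd)

def demo():
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for kind, text in (("numeric", "42"), ("alphabetic", "forty-two")):
            paths[kind] = os.path.join(d, kind)  # constructed sample inputs
            with open(paths[kind], "w") as f:
                f.write(text)
        return {(fn.__name__, kind): measure(fn, p)[0]
                for fn in (parse_leaky, parse_fixed) for kind, p in paths.items()}
```

Calling `demo()` returns the descriptor growth per target and input kind; only the leaky parser fed alphabetic data grows, by one descriptor per round, which is the signature of a resource that the error path never releases.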



Hunting Security Bugs
ISBN: 073562187X
EAN: 2147483647
Year: 2004
Pages: 156
