Service Virtualization

  • 1.  Vulnerabilities

    Posted Aug 07, 2020 08:08 AM
    I was asked:

    How does SV help with security vulnerabilities?



    ------------------------------
    Tom Shokite
    ------------------------------


  • 2.  RE: Vulnerabilities

    Posted Aug 07, 2020 08:45 AM
    Hi Tom,

    As per my understanding, Service Virtualization can only help you to test the scenarios associated with security vulnerabilities to a certain extent.

    As the actual vulnerabilities should be identified/analyzed in the system under test, SV may not be able to help much, but it could still help to test a few scenarios. Example: Sending CRLF chars in the response

    Thanks

    ------------------------------
    Regards,
    Vaibhav Jain
    Capgemini
    ------------------------------



  • 3.  RE: Vulnerabilities
    Best Answer

    Broadcom Employee
    Posted Aug 10, 2020 02:25 PM
    Tom,

    Service Virtualization can help you to test the System Under Test (SUT) for security vulnerabilities in several ways. 
    • Returning a response that is an error message - this tests if the SUT is handling the response correctly or if it just dumps all information. For example, think of a Web application that gets back an error while accessing a DB. You do not want that error message with table name etc. shown to the user.
    • Responses that may contain sensitive information that should not be displayed. For example a full credit card or SSN is returned, does the SUT mask it or display it?
    • Returning a response that is incorrectly formatted - this tests if the SUT is handling response fields correctly. For example send back responses that are longer than the SUT expects or unexpected field types.
    • You could also virtualize an OAuth system and test if the SUT is handling timeouts / permission denied correctly.

    There are probably more, but those are some I have encountered.
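
The scenarios listed in the answer above, as an added example that is not part of the thread and is not Service Virtualization product code: a table of constructed responses stands in for the virtual service, and a leak check is run over what two sample SUT handlers would show the user. The scenario names, payloads, handler functions and patterns are all assumptions made for illustration.

```python
import json
import re

# Constructed responses a virtual service could be configured to return
# (hypothetical scenario names and payloads, not product artifacts).
VIRTUAL_RESPONSES = {
    "db_error": (500, '{"error": "ORA-00942: table or view does not exist: CUSTOMER_CARDS"}'),
    "sensitive": (200, '{"name": "A. Tester", "card": "4111111111111111", "ssn": "078-05-1120"}'),
    "oversized": (200, json.dumps({"name": "A" * 5000, "card": "4111111111111111"})),
    "wrong_type": (200, '{"name": ["not", "a", "string"], "card": 12345}'),
    "oauth_denied": (403, '{"error": "access_denied", "error_description": "scope missing"}'),
}

# What must never reach the user-facing output.
LEAK_PATTERNS = {
    "db_detail": re.compile(r"ORA-\d+|CUSTOMER_CARDS"),
    "full_card": re.compile(r"\b\d{16}\b"),
    "full_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}
MAX_NAME = 64  # assumed field limit in the SUT

def naive_render(status, body):
    """Sample SUT handler that echoes whatever the backend sent."""
    return f"{status}: {body}"

def hardened_render(status, body):
    """Sample SUT handler that validates fields, masks data and hides backend errors."""
    generic = "Request could not be completed."
    if status != 200:
        return generic
    try:
        data = json.loads(body)
        name, card = data["name"], data["card"]
    except (ValueError, KeyError, TypeError):
        return generic
    if not isinstance(name, str) or not isinstance(card, str) or len(name) > MAX_NAME:
        return generic
    return f"{name}: card ending {card[-4:]}"

def leaks(render):
    """Run every virtual response through a handler; map scenario -> leak kinds found."""
    found = {}
    for scenario, (status, body) in VIRTUAL_RESPONSES.items():
        hits = sorted(k for k, p in LEAK_PATTERNS.items() if p.search(render(status, body)))
        if hits:
            found[scenario] = hits
    return found
```

In a real test the rendered output would come from the SUT's UI or API while the virtual service replays each response; the leak check itself stays the same.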