They can be applied to individual controls or to entire applications. Testing is the best way to evaluate performance and the specific tests needed for each of these factors. A useful technique here is stress testing. This can involve using large numbers of users and requests, large amounts of background activity, or maximum resources to attain conditions of operational stress. Functional operation might also be examined under these conditions because stress loading often interferes with regular processing. Stress testing is also used to attempt to exhaust quota limits for such specific resources as buffers, queues, tables, and ports. These resources might be external or internal to the application and might support such application functions as jobs, transactions, and sessions. This directed stress testing is especially useful in evaluating protection against denial-of-service threats.
Review Penetration Resistance. The final area of concern in detailed evaluation is penetration resistance. The task here is to assess resistance against the breaking or circumventing of controls. Cryptanalysis is an example of a technique for breaking a particular control: encryption. Creating and using a fraudulent logon utility to discover passwords is an example of control circumvention. The nature of the evaluation activity here differs widely, depending on whether the potential penetrators are users, operators, application programmers, system programmers, managers, or external personnel. In addition, the notion of penetration resistance applies not only to attacks against data but also to physical assets and performance.
Assessment of penetration resistance can be the most technically complex of the detailed evaluation categories. It is best performed to establish confidence in security safeguards and to find and correct flaws. In both cases, it:
The security evaluation report is the primary product of certification. It contains technical security recommendations for the application and is the main basis for the decision on the adequacy of security. The evaluation work is partitioned into three areas:
Most of the internal work is in the area of application software and administrative and procedural safeguards. The results of detailed evaluations are combined with basic evaluation results; all of the results are then integrated into the security testing report. It is preferable to integrate results from different evaluation areas into one final report rather than deliver several reports to management; the safeguards in each area can have complex interrelationships that require a technical interpretation.
Report Preparation. The report is composed of these sections:
Recommended Corrective Actions. Corrective actions and their anticipated costs are recommended and ranked. Responsibility for making the corrections might be proposed. Criteria for evaluating the corrections must be established. This section must be sufficiently complete to give a clear understanding of the implications of either accepting or correcting vulnerabilities. Because sensitive applications are usually also important to the company's operations, most flaws are not severe enough to remove an operational application from service, although some restrictions may need to be implemented immediately. Other than removing an application from service or delaying its implementation, there are many intermediate options available, including:
Certification Process. This section summarizes the work performed in the certification process to enable management to determine the confidence that can be placed in the findings. The section should have the following appended: