Testing Fault Injection in Local Applications

by Chris Wysopal, Lucas Nelson
Sept. 15, 2017 1 comment Symantec Pen Testing & Audits

This article is an excerpt from the book, "The Art of Software Security Testing," and focuses on the approach and techniques used to test the security of local applications. It begins by describing local resources and interprocess communication, which make up a local application’s attack surface. After describing how to enumerate the local resources an application depends on, the text then describes methods of testing several of those types of resources. It also describes how to test ActiveX objects, command-line programs, and applications’ use of local files and shared memory.


Steven Ulm 8 months, 1 week ago

This article made me really curious in buying and reading the complete book. Well written! Thank you for sharing!