How to Break Software Security
Level of difficulty:
The practice of breaking security protocols and algorithms built into many programs is generally perceived by many sectors as an illegal act designed to compromise both the user and the host computer system. However, very few computer users know that there is a legitimate side to this practice which benefits many application testers because it allows them to correctly identify possible security flaws that may be in the program code itself or in the manner of the application’s execution. In fact, by doing this, many potential malicious actions that can be executed are preempted because before any commercial release or distribution can be done, the vulnerabilities have already been exposed and remedied. This guide is done from the perspective of legitimate individuals that intend to stop any form of attack on computer systems and programs.
- programming language
- Web browser
- Internet connection
The first step to breaking the security blanket of a program is to make an attack plan. Just like attempting to break into a bank, you cannot just walk in and expect to come out with a bundle of cash. In the attack plan, outline how the process will be undertaken and attempt to identify potential weaknesses which may reveal software vulnerabilities.
The most common way of breaking security is to attack the software dependencies. In an attempt to minimize file size, majority of programs depend on library files. By blocking access to these files, you will render the software inoperable; thereby, breaking down its security blanket.
Another way is to manipulate its associated Windows Registry key values. Every program installed in a Microsoft Windows Operating System environment creates its own unique registry key data. By modifying its registry value, you will force the software to corrupt its own files.
The next possible method is to replace the executable file with a non-functional version. By replacing the executable file, the program altogether will fail to launch making it useless.
A possible attack scenario is to force the program to operate with limited memory resources. Applications normally contain instructions to the memory addresses they are supposed to occupy. By filling these memory addresses with data garbage, the software will ultimately malfunction.
One more common and widely used method of breaking software security is intentionally inputting unexpected information in the user interface of the program. When unexpected input is encountered, programs normally generate overflow input buffer and similar errors which will illegally terminate it.
When dealing with open source applications, examine its code and look for escape commands, character sets, and characters built-in by the programmer as a precautionary measure to troubleshoot the program. These types of escape codes usually launch a backdoor to the software allowing it to be controlled.