Introduction
GUARDARA is a comprehensive dynamic testing tool to find bugs and zero-day vulnerabilities in custom/proprietary products, protocols, web services and applications, and complex environments. It enables application/product security, quality assurance, and development teams and team members to collaborate and share resources more efficiently.
Suppose you are interested to learn under what conditions software or a product breaks or behaves in an anomalous way. In that case, GUARDARA is the perfect tool for you.
Check out the tutorials to learn how to test:
How it Works
GUARDARA dynamically generates specially crafted test cases using a complex network of algorithms to trigger unintended behaviour within the test target. Unintended behaviour can be a wide variety of things, such as different kinds of zero-day vulnerabilities, resource exhaustion, unexpected edge cases, unhandled exceptions, and component interoperability issues. Common between these issues is their negative impact on confidentiality, integrity, availability, or all of these combined. GUARDARA tests software from the perspective of a malicious outsider and works based on information and behaviour observable without having access to the source code.
Test Case Generation
GUARDARA is capable of utilizing multiple test case generation methods, even simultaneously. This section discusses the different methods, highlighting their pros and cons.
Generation-based
This test case generation method uses templates that describe structured data to generate test cases automatically. Using this method, GUARDARA can generate test cases that are:
- Structurally sound. The relationships between different fields or groups of fields are modelled accurately. For example, calculating the length of data blocks and repeating certain ones without corrupting the data structure is both possible and easy.
- Correct where and when it must be correct. GUARDARA can calculate valid checksums or hashes on the fly, encrypt blocks within structured data, or apply different encodings on fields (e.g., URL encoding) or groups of fields.
- State-aware. For example, in a communication flow, data can be extracted from responses and used in follow-up requests or used to control test case execution by dynamically altering the test flow.
In addition to the above, there are some added benefits:
- Feature coverage. It is possible to configure what exactly is to be tested or not to be tested. This high level of customization allows for creating separate test configurations that focus only on testing a specific feature or component so you can focus on areas of the target that have changed.
- Shorter test run time compared to alternative test generation methods. Testing multiple features can be run in parallel to achieve better coverage within a shorter time.
- There is no need to modify the codebase of the target to disable certain checks, security mechanisms, or features to be able to test efficiently.
The disadvantage of this method is that creating templates to model structured data and creating test flows requires understanding the data structure or protocol and also takes some time. However, GUARDARA is packed with features to simplify this process significantly.
Mutation-based
The mutation-based approach is a non-structure-aware test case generation method that introduces minor changes to existing data that may trigger unexpected behaviour when the target processes it.
The main benefit of the mutation-based test case generation is that the user does not need to understand the structure of the data being mutated; therefore is a quick and easy way to get started with testing.
Unfortunately, the mutation-based approach has several disadvantages. Some of these are listed below.
- It is much more likely to generate unusable data due to being unaware of what a valid data structure looks like. As a result, significant time is spent bombarding the target with data that does not even pass the basic filters. Triggering bugs and vulnerabilities has a low probability every time this happens.
- The mutation-based test case generation becomes highly inefficient if the structured data contains checksums and hashes, encrypted and encoded blocks that would have to be generated on the fly.
- Not having an understanding of the data leads to not being able to understand and incorporate the concept of application state into the testing process. Because of this, mutation-based test case generation is very counterproductive when, for example, testing network communications.
Hybrid
GUARDARA can combine mutation-based and generation-based test case generation to exploit both benefits and balance their cons.
Achieving mutation-based test case generation is as simple as creating a template containing a single Binary Field representing the entire data. This way, we are ready to test within just a few seconds. Suppose we wanted to improve the quality of the generated test cases; we could parse either part of the Binary Field or the entire data properly using different Fields. The test case generation for the parsed fields is handled by a collection of field type-specific algorithms, while the mutation-based algorithm handles unparsed areas.
Issue Detection
GUARDARA supports five methods to pick up unexpected behaviour during test runs. These can be utilized separately or in combination. These are discussed below.
Connection-based
This method detects when the target becomes unavailable or unresponsive at any test execution step. The target under test could become unavailable or unresponsive, for example, because of a crash, unhandled exception, or data corruption. The benefit of this detection mechanism is that it is easy to configure and allows detecting some issues in an entirely black-box fashion.
This approach becomes unreliable, for example, when testing multi-threaded applications where a new thread may handle each test case. In such a case, the target remains available and ready to serve the subsequent request even if a thread crashes.
Connection-based detection is configurable by adjusting the properties of the Actions within Test Flow Templates.
Response-based
This method allows picking up unexpected behaviour by looking at the response received from the target under test. GUARDARA provides a compelling way to analyze responses received from the target and detect unexpected behaviour: Response Processing Rules. Response processing rules are multi-purpose. They can be used to influence the testing process or to detect unexpected behaviour. The general approach to response processing rules regarding issue detection is similar to classical software testing methodologies, such as unit testing or user acceptance testing. First, we define how we expect the target to behave under normal circumstances. GUARDARA then feeds the target with unexpected data, so the defined processing rules can pick up if the target does not behave as expected.
Monitor-based
Monitors are GUARDARA extensions that allow monitoring the state of the target(s) under test to detect anomalous behaviour in ways not possible with previously discussed methods.
Callback-based
Callbacks allow users to execute arbitrary Python code during test runtime to perform operations unavailable via the user interface. Callbacks can be inserted anywhere within the test flow.
Callbacks have access to both the last test case sent and the response received from the target. Therefore, custom and intelligent anomaly detection can be implemented that is tailored to the target under test.
In addition, Callbacks can access all the Session Variables to manipulate the state and dynamically influence the flow of the testing.
Performance-based
The Target Performance Baselining and Monitoring feature, when enabled for a Project, allows detecting performance issues affecting the test target that a malicious actor could abuse to trigger a denial of service condition.
Test Delivery
GUARDARA's test delivery capability is based on a modular, plug-and-play system. The components implementing the different test delivery options are called Drivers. GUARDARA comes with several Drivers, primarily focused on delivering test cases over the network. Users can implement additional Drivers using the SDK.
Extensibility and Customization
GUARDARA was designed so that everything can be easily customized and extended with new capabilities.
- The test configuration-related assets, such as Message Templates, Test Flow Templates, Projects and Callbacks, are transparent and fully customizable.
- Issue detection capabilities can be easily extended using custom Response Processing Rules, Callback, and Monitors.
- The test delivery mechanisms can be extended by implementing custom Drivers.
- Implementing custom test case generation capabilities, such as Fields and algorithms and field transformations, is a piece of cake.
Creating extension is fairly simple and requires basic familiarity with Python.