Technically, a bug, the informal name software developers use, simply means an error in a software program. In programming languages [as well as scripting languages like bash, pdksh, csh, and so on], an interpreter flags a block of code, a script or cmdlets as an error if it is written outside of, or not in line with, the language's standard syntax.
The above refers to a syntax error. Usually, this kind of error is made by inexperienced programmers.
For instance, an information security engineer wanted to write an interactive program to test the minds of pupils below the age of 14. Students were asked to reply to each question accordingly.
As usual, an information security engineer or developer should be aware that a subtle difference between the Python 2 and Python 3 interpreters lies in their syntax.
(To find the version of Python you have installed, open the Python shell; the version is shown in the banner.)
Both programs were written in Python, but the interpreter version differs.
Python 2.7.11 [Program: students were asked to choose between Yale University and Stanford University.]
The source code of both programs is the same. However, Python 3 syntax differs from Python 2 in the input() function call: the Python 3 input() function call behaves differently from the Python 2 one. This is just a basic example of a basic syntax error.
*A function is kind of like a mini-program inside your program.
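The Yale/Stanford question above, written as an added example (not the original post's program) so that it behaves the same under Python 2 and Python 3. Two small helpers emulate the documented semantics of each interpreter's input(): in Python 2 the typed text is evaluated as an expression (so typing Yale without quotes fails with NameError, and typing 1+1 yields 2), while in Python 3 the typed text is returned verbatim. The scripted reader and the answer list are constructed for the demonstration.

```python
import sys

CHOICES = ("Yale University", "Stanford University")

def py2_input_semantics(typed):
    """Emulates Python 2 input(): the typed line is evaluated as an expression.
    Python 2 applied no restriction at all; builtins are emptied here so the
    demonstration cannot touch anything beyond simple literals and arithmetic."""
    try:
        return eval(typed, {"__builtins__": {}}, {})
    except Exception as exc:  # e.g. NameError for an unquoted word such as Yale
        return exc

def py3_input_semantics(typed):
    """Emulates Python 3 input(): the typed line is returned unchanged as a str."""
    return typed

def read_line(prompt=""):
    """Portable reader: raw_input() on Python 2, input() on Python 3 (both give str)."""
    if sys.version_info[0] < 3:
        return raw_input(prompt)  # noqa: F821 (only defined on Python 2)
    return input(prompt)

def normalise(answer):
    """Map a typed answer onto one of CHOICES; None if it matches neither."""
    text = str(answer).strip().lower()
    for choice in CHOICES:
        if text in (choice.lower(), choice.split()[0].lower()):
            return choice
    return None

def ask(reader=read_line, attempts=3):
    """Ask the question up to `attempts` times; return the chosen university or None."""
    for _ in range(attempts):
        answer = normalise(reader("Yale University or Stanford University? "))
        if answer is not None:
            return answer
        print("Please type Yale or Stanford.")
    return None

def scripted_reader(lines):
    """Build a reader that replays constructed answers instead of reading stdin."""
    queue = list(lines)
    return lambda prompt="": queue.pop(0)

if __name__ == "__main__":
    print(ask())  # interactive run: reads from the terminal on either interpreter
```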
Zero-day attacks are born out of bugs that software developers are unaware of. Some of these bugs are too subtle to detect. So can we assert the effectiveness of pen testing to take care of errors, or should we rather hire the services of bug discoverers [black hats] specifically to deal with software errors? *Because most white hat hackers follow the traditional way of pen testing. Black hats try strange methods, modifying blocks of code just to divert a program from its original responsibility.
For instance, a program written in C++ encapsulates unnecessary details or instructions which do not matter to customers. In order to frustrate customers and put more pressure on a system like an ATM machine, hackers can change the encapsulation from public to private. Just a single tweak of the code could set in a logical error.
[So I would rather recommend a black hat than white hats to initiate bug discovery.]
The art of penetration testing is applied when the owners [or owner] of a webpage or software application want to be assured of total security. The mission of pen testing is not to enumerate all attack vectors or open ports [which should not remain ajar] that could give access to the internal network or system. Just a single open port [which should have been closed] could make things work for the pen tester(s). Or just a single mistake within a module could enable a zero-day attack.
Bug discovery, on the other hand, refers to in-depth scientific investigation of a software application or web server. Bug discovery is carried out more thoroughly than pen testing.
A pen tester would not bother to excavate the nitty-gritty of a web server [i.e., there is no need to check out the database engine of a JSON-based web server]. Other modern-day attack techniques like man-in-the-middle attacks, distributed denial of service, ARP poisoning or even social engineering could help a pen tester accomplish the mission. No other attack vectors would be needed if these forms of cyber-attack could get him into the integral part of the web server.
A couple of years ago, bugs like the infamous Heartbleed affected many software vendors. Heartbleed compromised TLS [Transport Layer Security], which secures communication between two parties. A Heartbleed attack is similar to a man-in-the-middle attack. OpenSSL was compromised.
The bug discovered in OpenSSL did not affect just protected data; it also allowed hackers to access web pages with ease until it was discovered that Heartbleed was the main cause.
The difference between bug discovery and pen testing lies in "in-depth". In this context, "in-depth" defines bug discovery and pen testing together. Bug discovery depends on pen testing to maintain security awareness, whilst pen testing depends on bug discovery to ensure all open ports [that need to be closed] are dealt with efficiently.
Initially, I explained that penetration testing does not excavate the nitty-gritty of a software product or a web page. The chief advantage of pen testing is to test whether a software product or a webpage is secure enough against attacks from an external network. Vulnerability auditing is the closest to bug discovery [because it does more in-depth checking than pen testing, but it is ineffective compared to bug discovery].
Unit and system testing are the strongest candidates for comparison. Unit testing tends to focus on the correctness of a single unit, whilst system testing is primarily concerned with the correct operation of the entire system.
So the coupling of unit and system testing roughly equals bug discovery. Although the two modes of testing differ in terms of jurisdiction, efficiency is achieved.
Whether pen testing is required to prevent a zero-day attack, or unit or system testing (otherwise known as bug discovery) should be, the bottom line is efficiency. Is bug discovery [unit or system testing] or pen testing efficient enough?