{"id":98129,"date":"2022-06-24T19:30:03","date_gmt":"2022-06-24T19:30:03","guid":{"rendered":"https:\/\/papersspot.com\/blog\/2022\/06\/24\/part-1-sandboxing-sandboxing-is-mainly-associated-with-malware-analysis-in-cybersecurity-security\/"},"modified":"2022-06-24T19:30:03","modified_gmt":"2022-06-24T19:30:03","slug":"part-1-sandboxing-sandboxing-is-mainly-associated-with-malware-analysis-in-cybersecurity-security","status":"publish","type":"post","link":"https:\/\/papersspot.com\/blog\/2022\/06\/24\/part-1-sandboxing-sandboxing-is-mainly-associated-with-malware-analysis-in-cybersecurity-security\/","title":{"rendered":"Part-1: Sandboxing Sandboxing is mainly associated with malware analysis in cybersecurity. Security"},"content":{"rendered":"<p>Part-1: Sandboxing<\/p>\n<p> Sandboxing is mainly associated with malware analysis in cybersecurity. Security researchers analyze malicious software and code in a controlled and isolated environment to prevent harm to their computers and efficiently handle the analysis process. In the context of software development, the concept of sandboxing is similar. It still provides an isolated environment for software testers. In the context of software development, including web development and revision control, a sandbox is a testing environment that isolates untested code changes and outright experimentation from the production environment or repository. Sandboxing protects &#8220;live&#8221; servers and their data, vetted source code distributions, and other collections of code, data, and content, proprietary or public, from changes that could damage a mission-critical system or which could be difficult to revert. Sandboxes replicate at least the minimal functionality needed to test the programs or other code under development accurately. 
A sandbox concept is typically built into revision control software such as Git, CVS, and Subversion, in which developers check out a copy of the source code tree, or a branch, to examine and work on. After the developer has thoroughly tested the code changes in their sandbox, the changes should be checked back into and merged with the repository and made available to other developers or end-users of the software (https:\/\/en.wikipedia.org\/wiki\/Sandbox_(software_development)).<\/p>\n<p> In this lab, you will use two online sandbox environments. The first one is an HTML, CSS, &amp; JavaScript sandbox for frontend web projects. The second one is a Python sandbox. In real-world settings, you will see professional environments and systems for sandboxing that are well-aligned with SDLC processes. These online environments will be sufficient for you to understand the idea behind sandboxing. <\/p>\n<p> Optional Video<\/p>\n<p> In addition to sandboxing, you can learn various other testing techniques used in software development projects: https:\/\/openclassrooms.com\/en\/courses\/5162996-secure-your-web-application-with-owasp\/6122381-beat-the-hackers-at-their-game<\/p>\n<p> Instructions<\/p>\n<p> Case-1: Stopping dangerous code \u2013 HTML, CSS, &amp; JS Sandbox<\/p>\n<p> Case-2: Testing different web redirections\/iframe options quickly \u2013 HTML, CSS, &amp; JS Sandbox<\/p>\n<p> Assume you are a software developer working at an IT training company. You are developing a website with interactive training material on it. You are placing URLs of some education websites, such as w3schools.com. Your website does not work as intended; you want to quickly find the reason by pasting and playing with the code you wrote. <\/p>\n<p> Now, insert your JavaScript-based URL redirection scripts into the HTML tab. Each script has a different URL. After pasting each script, take a screenshot of the Result View window. 
<\/p>\n<p> First redirection: <\/p>\n<p> \u00a0\u00a0\u00a0\u00a0window.location.replace(&#8220;https:\/\/playcode.io\/online-javascript-editor&#8221;)<\/p>\n<p> Second redirection: <\/p>\n<p> \u00a0\u00a0\u00a0\u00a0window.location.replace(&#8220;http:\/\/www.w3schools.com&#8221;)<\/p>\n<p> Third redirection: <\/p>\n<p> \u00a0\u00a0\u00a0\u00a0window.location.replace(&#8220;https:\/\/www.w3schools.com&#8221;)<\/p>\n<p> Optional:<\/p>\n<p> You can replace the script code with the iframe code below to see similar results. An example: <\/p>\n<p> Case-3: Stopping malicious code \u2013 Python Sandbox<\/p>\n<p> Questions<\/p>\n<p> Submit screenshots.<\/p>\n<p> What does the code in Case-1, Step-2 do? What would happen if the sandbox didn\u2019t stop the code?<\/p>\n<p> Explain the different Result Views in Case-2. Hint: You can do a Google search for \u201csame-origin policy\u201d for the third redirection. <\/p>\n<p> Provide your insights on running the method on a computer versus running it in a sandbox.<\/p>\n<p> Part-2: Fuzzing<\/p>\n<p> Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks (Wikipedia).\u00a0<\/p>\n<p> Hackers and security researchers use fuzzers to find zero-day vulnerabilities; the next step of fuzzing for hackers would be to use the crash reports to develop exploits. As with binary analysis, fuzzing can be a critical contribution to the SDLC because it surfaces potential vulnerabilities from the hacker\u2019s point of view. The crash reports generated by the fuzzer can be delivered to software developers for investigations. <\/p>\n<p> Fuzzing resembles binary analysis in taking the compiled program as input; this is not the case for static code analysis, which you will practice in Lab-7. 
Fuzzing and binary analysis are black-box testing techniques, whereas static code analysis is a white-box testing technique.<\/p>\n<p> This lab aims to answer the &#8220;what&#8221; question for fuzzing, not the &#8220;how&#8221; question. In this lab, you will<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Part-1: Sandboxing Sandboxing is mainly associated with malware analysis in cybersecurity. Security researchers analyze malicious software and code in a controlled and isolated environment to prevent harm to their computers and efficiently handle the analysis process. In the context of software development, the concept of sandboxing is similar. It still provides an isolated environment for [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[10],"class_list":["post-98129","post","type-post","status-publish","format-standard","hentry","category-research-paper-writing","tag-writing"],"_links":{"self":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/posts\/98129","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/comments?post=98129"}],"version-history":[{"count":0,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/posts\/98129\/revisions"}],"wp:attachment":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/media?parent=98129"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/categories?post=98129"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/
v2\/tags?post=98129"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}