Security Software Testing Suite

About the suite

Security Software Testing Suite (SSTS) is a set of tools used for testing Windows security software that implement application-based security – i.e. most of the Internet security suites, HIPS, personal firewalls, behavior blockers etc. SSTS is based on the idea of independent programs that attempt to bypass various features of the security software. Each test of SSTS is directed against a single feature or against a few closely connected features of the security software.

SSTS is used in our Proactive Security Challenge project, which goal is to rate and compare abilities of security software for Windows. SSTS is published with its source code, which makes the testing as transparent as possible. The suite contains many kinds of tests like outbound protection tests, self-defense tests, keylogger tests etc. The tests in SSTS have a unified structure and user interface, hence using it is fast, easy and efficient.

Changelog

• 2009-05-20: Kill6 has been improved. Breakout1 has been updated to support Internet Explorer 8.
• 2009-04-23: Minor bugfixes in improvements.
• 2008-11-07: Thirteen new tests have been added to the suite, two tests have been removed, several tests have been improved, some changes have been done to the licence agreement. Kernel1 has been added to the Level 3; Kernel1b has been added to the Level 4; Kernel2, Kernel3 and Crash4 have been added to the Level 5; Kernel4, Crash5 and Crash6 have been added to the Level 6; FireHole2 and Kill12 have been added to the Level 7; Kernel4b and Kernel5 have been added to the Level 8; Crash7 has been added to the Level 9. PerfTCP and PerfUDP have been removed from the suite – mixing the performance and security tests turned out not to be a good idea. The current number of the tests in the suite is 81.
• 2008-06-18: The configuration file has been improved.
• 2008-05-23: All the termination tests have been improved. The new implementation is more reliable and easier to use.
• 2008-05-06: Three new tests have been added to the suite. PerfTCP and PerfUDP have been added to the Level 1, SockSnif to the Level 8.
• 2008-04-24: Seven new tests, namely Keylog1, Keylog2, Keylog3, Keylog4, Keylog5, Keylog6 and Keylog7, have been added.
• 2008-03-18: The first public version that contained 60 tests was released.

Download

Warning: This software is used for testing of security products and should never be used on production machines. Using this software may damage or erase your data. This software is provided "as is" and without warranty of any kind. More information about each test can be found in its source code file and in the shared source code files of the whole suite.

By using SSTS you agree with its licence that is included in the archive in licence.txt.

Download SSTS.

Contribution

If you are a security researcher, analyst or coder and you have an idea for a test, please share it with us. You can either send us just a description of your idea, a proof of concept or, ideally, a fully integrated test to the SSTS framework. We will analyse it and possibly include to the suite giving you a full credit for the new testing method. If you have such idea, please contact us.

Commercial usage

SSTS is distributed free of charge for non-commercial and private use. For the full licence information, read licence.txt file of the SSTS archive. If you want to use SSTS for commercial purposes or for the purpose of creating content of the publicly accessible web site or for extensive or mass software testing, please contact our sales department to get more information.

valid HTML 4.01 · valid CSS 2 · optimized for you · design by martina · powered by jan · generated on July 4, 2009