Recently, security patches have been implemented on servers affected by Heartbleed. Heartbleed is the biggest security exploit affecting industries to date. It allowed access to memory contents of a connected client or server. About 66% of websites using OpenSSL are now potential targets. The biggest concern for security managers is not fixing Heartbleed but variations of the bug that have come up. There is hundreds and possibly thousands of variants that the patch will not address. This could lead to a false sense of security. Security patches close security holes in a product, however, attack mutations do not fall within the scope of the patch. In order to prevent this tests must be conducted to defend against mutations.
In order to test for the Heartbleed mutation a full analysis of the servers SSL stack must be performed. This will narrow the number of possibilities to a finite list of breech points. In the case of a vulnerability, the SSL client had the ability in the Heartbeat response to request greater than 64k bytes of data. A fuzzer would be able to test this scenario and find the vulnerability by using OutofBounds method. Once the holes are found they should be patched then retested to measure if more holes open. To gain assurance one-arm stateful SSL/TLS testing should be used. Two arm simulations will not test your networks vulnerability to attack. SSL/TLS fuzzing will test mutation holes exhaustively. Exhaustive testing treats the device under test (DUT) as a system that allows interaction with the system in one-arm mode. One-arm exhaustive testing exposes DUT to more coverage and reduces the chance of exploitation.
Finding, fixing, and scanning vulnerabilities needs to be an iterative process. IT teams can take control of their network security with proactive and progressive testing. By finding the mutations early there is a possibility for prevention. Preventing a Heartbleed mutation will be beneficial to all people. It will also allow for a secure web server with no fear of information being leaked.
http://www.darkreading.com/how-to-detect-heartbleed-mutations/d/d-id/1234812?