• DocumentCode
    2217458
  • Title

    Software security testing based on typical SSD: A case study

  • Author

    Hui, ZhanWei ; Huang, Song ; Hu, Bin ; Yao, Yi

  • Author_Institution
    PLA Software Test & Evaluation Centre for Mil. Training, PLA Univ. of Sci. & Technol., Nanjing, China
  • Volume
    2
  • fYear
    2010
  • fDate
    20-22 Aug. 2010
  • Abstract
    Due to the increasing complexity of Web applications, traditional function security testing methods, which only test and validate software security mechanisms, are becoming ineffective at detecting latent software security defects (SSD). The number of reported Web application vulnerabilities is increasing dramatically. However, most vulnerabilities result from some typical SSD. Based on SSD, this paper presents an effective software security testing (SST) model, which extends the traditional security testing process with defect behavior analysis and incorporates the advantages of the traditional testing method and the SSD-based security testing methodology. Primary applications show the effectiveness of our test model.
  • Keywords
    program testing; software engineering; Web application; defect behavior analysis; security testing process; software security defect; software security testing; Authentication; Buffer storage; Electronic mail; Encoding; Forgery; Software; defect behavior; function test; software security defect; software security test; vulnerability;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Advanced Computer Theory and Engineering (ICACTE), 2010 3rd International Conference on
  • Conference_Location
    Chengdu
  • ISSN
    2154-7491
  • Print_ISBN
    978-1-4244-6539-2
  • Type

    conf

  • DOI
    10.1109/ICACTE.2010.5579101
  • Filename
    5579101