Title :
Software security testing based on typical SSD:A case study
Author :
Hui, ZhanWei ; Huang, Song ; Hu, Bin ; Yao, Yi
Author_Institution :
PLA Software Test & Evaluation Centre for Mil. Training, PLA Univ. of Sci. & Technol., Nanjing, China
Abstract :
Due to the increasing complexity of Web applications, traditional function security testing ways, which only test and validate software security mechanisms, are becoming ineffective to detect latent software security defects (SSD). The number of reported web application vulnerabilities is increasing dramatically. However, the most of vulnerabilities result from some typical SSD. Based on SSD, this paper presents an effective software security testing (SST) model, which extends traditional security testing process to defects behavior analysis which incorporates advantages of traditional testing method and SSD-based security testing methodology. Primary applications show the effectiveness of our test model.
Keywords :
program testing; software engineering; Web application; defect behavior analysis; security testing process; software security defect; software security testing; Authentication; Buffer storage; Electronic mail; Encoding; Forgery; Software; defect behavior; function test; software security defect; software security test; vulnerability;
Conference_Titel :
Advanced Computer Theory and Engineering (ICACTE), 2010 3rd International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4244-6539-2
DOI :
10.1109/ICACTE.2010.5579101
