Software testing is one of the most time-consuming activities in the software development cycle. Current research suggests that aspect-oriented programming (AOP) can enhance testing and has the potential to be more effective than macros or test interfaces. There are two major weaknesses when using aspects: the inability of aspect code to be woven at all execution points, and the lack of direct...
This paper addresses the questions "Why is a test process necessary?" and "How can a 'one size' process fit all lifecycles?" In answer to the first question, the paper will demonstrate that a test process based on the systems lifecycle, which is clearly understood by all stakeholders, will enable successful testing in all projects. The paper will then look at three common...
This speculative paper outlines an untested idea: it superficially compares security testing with usability testing. Looking for analogies between these fields may seem far-fetched, but the result is surprising. When it comes to testing, usability and security may be not as dissimilar as they seem. A closer look at usability testing may yield new insights for security testing.
Too often, projects deliver software whose quality is difficult to predict. Sometimes project completion is delayed because requirements keep changing while the software is still being built. The quality level must align with the company's needs. It is extremely important that the planned benefits of an IT system are reached. When the benefits are not achieved it will cause much...
This position paper proposes a research agenda for the field of security testing. It gives a critical account of the state of the art as seen by a practitioner and identifies questions that research failed to answer so far, or failed to answer in such a way that it would have had an impact in the real world. Three categories of research problems are proposed: theory of vulnerabilities, theory of security...
Software security testing tools and methodologies are presently abundant, and the question no longer seems to be "if to test" for security, but rather "where and when to test" and "then what?". In this paper we present a review of security testing literature, and propose a software security testing scheme that exploits an intra-organisational repository of discovered...
We present a new approach for mutation analysis of security policy test cases. We propose a metamodel that provides a generic representation of access control models for security policies and define a set of mutation operators at this generic level. We use Kermeta to build the metamodel and implement the mutation operators. We also illustrate our approach with two successful instantiations of this metamodel:...
Due to the increasing complexity of Web systems, security testing is becoming a critical activity for guaranteeing that such systems satisfy their security requirements. To address this issue, we rely in this paper on model-based active testing. We first specify the Web system behavior using the IF formalism. Second, we integrate security rules, modeled in the Nomad language, within this IF model using...
Security policy validation based on conformance testing is a promising approach, but it lacks both a fault model and better test selection procedures. Penetration testing approaches rely on a fault model based on the exploitation of sequences of vulnerabilities. This document proposes a method to generate test purposes to validate the conformance of a system to a security policy using a fault...
We propose an approach to generate and execute tests of the conformance of a system to a given security policy. The method is rule-based: it generates test cases directly from a security policy expressed as a set of security requirements, using two relations: one between predicates appearing in the rules and elementary test cases, called tiles, used to test predicates in the system, and another one...