Nowadays, one of the most effective ways to identify software vulnerabilities by testing is the use of fuzzing, whereby the robustness of software is tested against invalid inputs that play on implementation limits or data boundaries. A high number of random combinations of such inputs are sent to the system through its interfaces. Although fuzzing is a fast technique which detects real errors, its...
Assuring the security of a software system in terms of testing nowadays still is a quite tricky task to conduct. Security requirements are taken as a foundation to derive tests to be executed against a system under test. Yet, these positive requirements by far do not cover all the relevant security aspects to be considered. Hence, especially in the event of security testing, negative requirements,...
User input validation is a technique to counter attacks on web applications. In typical client-server architectures, this validation is performed on the client side. This is inefficient because hackers bypass these checks and directly send malicious data to the server. User input validation thus has to be duplicated from the client-side (HTML pages) to the server-side (PHP or JSP etc.). We present...
In the process of software production, testing is the premise to guarantee the quality of software. With the extensive application of network software, Web security testing has become a key point that cannot be neglected. Based on the Analytic Hierarchy Process (AHP) algorithm, a new kind of Web security testing programme was introduced in this paper. According to which it realized the Web Security auto-Testing...
The interaction between business communities becomes a crucial requirement due to the need of exchanging and sharing resources and services. In general, each system defines its own security policy to manage access control to its resources. In this case, we may have security interoperability problems due to the variety and complexity of secured systems implementations. In this paper, we provide a formal...
Software security test (SST) is a useful way to validate software system security attribute. Defects based testing technologies are more effective than traditional specification testing technologies, and more and more researchers pay their attention to the testing methods. Before testing, an organized list of actual defects is especially essential. But at present the only existing suitable taxonomies...
According to the low efficiency of system testing, the longer test cycle, the single form of the test results, no standardized documents of tested results and other drawbacks of the traditional penetration testing system, this paper designs and implements an XML-based penetration testing system. The system uses SNMP, PING, Telnet and other ways to explore resources, is based on OVAL, CVE to assess...
Flash has a number of security defects even though Flash Player is installed on most of the world's PCs. Protection using a sandbox has limitations in protecting a user from vulnerabilities of a Flash application because an attacker can attack a vulnerable Flash application when a sandbox can't work if an engineer or a web administrator sets sandbox permissions wrongly. Another way to solve it is testing. As a testing,...
The correctness of mission-critical software is an important part of information security, but oracle problem and test data generation are constraints for some programs. Although metamorphic testing (MT) is practical for programs with oracle problem and evolutionary testing (ET) is a good application of genetic algorithm (GA) for automatic test data generation, fitness functions used in ET are not...
Trustworthiness is an essential and sometimes life-critical concern in software-intensive systems. Furthermore, supporting the proper testing of these systems can oftentimes prove complicated. Within trustworthiness, security and privacy play key roles. Considering both security and privacy issues early in development is necessary to increase the trustworthiness of systems. In this paper we concentrate...
Vulnerability discovery is a base technology in information system development, product testing and counterinformation. At present, vulnerability discovery has already turned into the hot spot of global security research. There are many kinds of vulnerability discovery methods. Many vulnerabilities have been found each year. But the framework of the vulnerability discovery is out of the...
This paper presents a methodology to perform passive testing of behavioural conformance for web services based on the security rule. The proposed methodology can be used either to check a trace (offline checking) or for runtime verification (online checking) with timing constraints, including future and past time. In order to perform this: firstly, we use the Nomad language to define the security...
Described the basic framework of the agricultural information retrieval system based on ontology and analyzed the factors which affect the system reliability, then proposed many methods and contents of web testing about the functionality testing, performance testing and security testing.
In today's global world, more and more corporations are bound to have an internet presence. This has led to a significant increase in network attacks of all kinds. Firewalls are used to protect organization networks against these attacks. Firewall design is based on a set of filtering rules. Because of the nature of these rules, and due to the rising complexity of security policies, errors are introduced...
In recent years Web-based systems have become extremely popular and, nowadays, they are used in critical environments such as financial, medical, and military systems. As the use of Web applications for security-critical services has increased, the number and sophistication of attacks against these applications have grown as well. For this reason it is essential to be able to prove that the target...
Software testing is one of the most time consuming activities in the software development cycle. Current research suggests that aspect-oriented programming (AOP) can enhance testing and has the potential to be more effective than macros or test interfaces. There are two major weaknesses when using aspects which are the inability of aspect code to be woven at all execution points and the lack of direct...
Many software security vulnerabilities only reveal themselves under certain conditions, i.e., particular configurations of the software together with its particular run-time environment. One approach to detecting these vulnerabilities is fuzz testing, which feeds a range of randomly modified inputs to a software application while monitoring it for failures. However, typical fuzz testing makes no guarantees...
A firewall is the most important tool of network security defense. Its proper functioning is critical to the network it protects. Therefore a firewall should be tested rigorously with respect to its implemented network protocols and security policy specification. We propose a combined approach for test case generation to uncover errors both in firewall software and in its configuration. In the proposed...
Memory leaks can cause performance decrease or even breakdown of a computer system. According to the unavailability of COM component, this paper analyses the COM component's memory leak mechanism, proposes a testing architecture and provides a memory leak detection method based on HOOK technique. This method can locate functions which cause memory leaks and get details of the leaking process. The experiment...
Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally fuzz testing tools use random inputs and watch the resulting values. In this paper, we present a model-based fuzz framework for systematic automated testing of a TCG trusted software stack implementation. This framework is based on blackbox fuzz testing methods, integrated with target profiling,...