Applying Software Transformation Techniques to Security Testing
نویسنده
چکیده
Application protocols have become sophisticated enough that they have become languages in their own right. At the best of times, these protocols are difficult to implement correctly. Combining the complexity of these protocols with other development pressures such as time to market, limited processor power and/or demanding performance requirements make it even more difficult to produce implementations without security vulnerabilities. Traditional conformance testing of these implementations does not reveal many security vulnerabilities. In this paper we describe ongoing research where software transformation and program comprehension techniques are used to to assist in the security testing of network applications.
منابع مشابه
Security Testing: A Survey
Identifying vulnerabilities and ensuring security functionality by security testing is a widely applied measure to evaluate and improve the security of software. Due to the openness of modern software-based systems, applying appropriate security testing techniques is of growing importance and essential to perform effective and efficient security testing. Therefore, an overview of actual securit...
متن کاملMapping of McGraw Cycle to RUP Methodology for Secure Software Developing
Designing a secure software is one of the major phases in developing a robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...
متن کاملHauptseminar: Security - Zwischen formalen Methoden und Praxis Malicious code detection
In any defense mechanism, malicious code detection is a crucial component. To subvert malicious code detectors, e.g anti-virus software, malicious code writers try to subvert these detectors by obfuscating the malicious code. As testing results surprisingly showed, commercial virus scanners were not able to detect infected binaries which were transformed by applying simple obfuscation technique...
متن کاملApplying Black-Box Testing to Model Transformations in the Model Driven Architecture Context
Testing model transformations has played a leading role with the dissemination of MDA in software development processes. Software testing based on black-box testing, together with the “category partitioning” method, can be efficiently used in order to conduct the verification of model transformations. This study employs software testing techniques to an ATL model transformation in the MDA conte...
متن کاملSecure State UML: Modeling and Testing Security Concerns of Software Systems Using UML State Machines
In this research we present a technique by using which, extended UML models can be converted to standard UML models so that existing MBT techniques can be applied directly on these models. Existing Model Based Testing (MBT) Techniques cannot be directly applied to extended UML models due to the difference of modeling notation and new model elements. Verification of these models is also very imp...
متن کامل