Security Testing by Telling TestStories

Authors

  • Michael Felderer
  • Berthold Agreiter
  • Ruth Breu
  • Álvaro Armenteros
Abstract

Security testing is very important to assure a certain level of reliability in a system. On the system level, security testing has to guarantee that security requirements such as confidentiality, integrity, authentication, authorization, availability and non-repudiation hold. In this paper, we present an approach to system level security testing of service oriented systems that evaluates security requirements. Our approach is based on the Telling TestStories methodology for model–driven system testing. After the elicitation of security requirements, we define a system and a test model. The test model is then transformed to executable test code. We show how traceability between all artifacts can be established and how the tests can be executed focusing on security relevant aspects. All steps are explained based on an industrial case study.


Similar resources

Telling TestStories - Modellbasiertes Akzeptanz-Testen Serviceorientierter Systeme

Modern service-oriented systems are becoming ever more complex, which places high demands on their quality assurance. However, the quality assurance of service-oriented systems has a number of specifics, such as the integration of external peers whose internal structure is unknown, that are not covered by the test methods and test frameworks available today. Telling TestStories, ku...


Security testing of session initiation protocol implementations

The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...


Silver Bullet Talks with Peiter (Mudge) Zatko

P Zatko, better known in the security community as Mudge, was one of the leaders of the L0pht hacker collective, which contributed significantly to the disclosure of serious Internet vulnerabilities and eventually became the security consultancy @stake. He has worked as a division scientist at BBN Technologies, a project manager for DARPA, and a researcher at Google. He’s currently working on a...


An automatic test case generator for evaluating implementation of access control policies

One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...


University of Newcastle upon Tyne

The Automated Turing test (ATT) is almost a standard security technique for addressing the threat of undesirable or malicious bot programs. In this paper, we motivate an interesting adversary model, cyborgs, which are either humans assisted by bots or bots assisted by humans. Since there is always a human behind these bots, or a human can always be available on demand, ATT fails to differentiat...



Publication date: 2010