Fuzzing: Testing Security in Maintenance Projects

dc.contributor.author: Simon, Frank
dc.contributor.author: Simon, Daniel
dc.date.accessioned: 2017-12-06T09:22:18Z
dc.date.available: 2017-12-06T09:22:18Z
dc.date.issued: 2012
dc.description.abstract: Frank Simon, Daniel Simon, SQS Software Quality Systems AG, Stollwerckstraße 11, 51149 Cologne, Germany. Email: frank.simon|daniel.simon@sqs.com

Abstract: New trends in the IT industry impose increasing requirements on openness and interoperability via networks on enterprise software systems. As a consequence, more and more legacy applications are made available through interfaces that are exposed more openly over mobile and insecure networks, introducing security risks that the initial designs never had to account for. In this paper, we show how fuzzing, a highly automatable black-box method for security testing, can be integrated into testing processes to improve the security profile of legacy application interfaces.

tem for mobile communication, as an example, has not only to be tested on its own but might motivate deeper testing of directly connected components. For a more systematic view on these implicit testing adjustments, testing can be refined into four steps (a more general approach can be found in [2]):

1. Identification of test objects (Which artefacts are relevant for project success?)
2. Identification of quality attributes (What properties should the artefacts have?)
3. Determination of corresponding test activities to ensure the artefacts have the particular attributes
4. Clustering of test activities into test stages that can be executed in conjunction

This paper focuses on the following aspect: adding new interfaces creates new test objects and also produces new, or at least adjusted, priorities for quality attributes, requiring additional test activities on all test stages. Quality attributes for software can be taken from the ISO 25000 family of standards [3]. In particular, when adding new service interfaces to legacy applications for the first time, security should be seen as one of the top priorities.

Security is defined in the ISO 25010 standard as the "degree to which a product or system protects information and data so that persons or other products or systems have the degree of data access appropriate to their types and levels of authorization."
dc.identifier.doi: 10.1007/BF03323481
dc.identifier.pissn: 0720-8928
dc.identifier.uri: https://dl.gi.de/handle/20.500.12116/8663
dc.language.iso: en
dc.publisher: Köllen Druck & Verlag GmbH
dc.relation.ispartof: Softwaretechnik-Trends: Vol. 32, No. 2
dc.relation.ispartofseries: Softwaretechnik-Trends
dc.subject: Test Process
dc.subject: Security Test
dc.subject: Legacy Application
dc.subject: Brute Force Method
dc.subject: Software Product Quality
dc.title: Fuzzing: Testing Security in Maintenance Projects
dc.type: Text/Journal Article
gi.citation.endPage: 62
gi.citation.startPage: 61

Files

Original bundle

Name: 40568_2013_Article_BF03323481.pdf
Size: 174.45 KB
Format: Adobe Portable Document Format