A model based testing method for Software Security Assurance
Journal Title: International Journal for Research in Applied Science and Engineering Technology (IJRASET) - Year 2016, Vol 4, Issue 4
Abstract
The importance of software security assurance is growing, but traditional development techniques have not kept pace with this need. New cost-effective tools for software quality and security assurance (SSA) are needed. This is consistent with the possible harm that could be result from the loss, incorrectness, alteration, unavailability, or misuse of the data and resources that uses, controls, and protects. This testing likes a penetration testing model to test the given software model. A penetration test can help verify whether a system is vulnerable to attack, if the defenses were sufficient, and which defenses the test defeated. Given a software model convert into Model-Implementation Description specification. The MID specification uses Petri net to capture both control and data-related requirements for functional testing, access control testing and penetration (pen test) testing with threat models. This model generates test code that can be executed quickly with the implementation under test, presents an automated test generation technique for integrated functional and security level testing of software systems. After generating test cases from the test model according to a given criterion, test code converts the test cases into executable test code by mapping model-level elements into implementation-level constructor. MISTA has implemented test generators for various test coverage criteria of test models, code generators for various scripting and programming languages, and test execution environments such as Java, C, C#, php, visual basic and HTML-Selenium IDE. MISTA has been applied to the functional and security testing of various real-world software systems. Security level testing based on the security assurance components are authentication, authorization, confidentially, availability, integrity and non-repudiation.
Authors and Affiliations
R. Nivesh, Dr. C. Chellappan
Keywords
Related Articles
- EP ID EP22068
- DOI -
- Views 223
- Downloads 4
An Efficient Algorithm for Approximate String Matching
The approximate string matching is the technique of finding strings that match a pattern approximately (rather than exactly). Most often when we need to match a pattern exact matching is not possible, due to insufficien...
Data Hiding Using Block Based Mosaic Images in Video
In today’s modern world the digital technologies have helped peoples to exchange data on large due to availability of fast internet connectivity it has become very easy to exchange data. The security, integrity and reli...
Vulnerability Assessment and Penetration Testing for Url’s Using Different Sql’s Injections Manually
vapt (vulnerability assessment and penetration testing) provides a critical observation of organization operating systems, web servers, database servers, access points and loop holes or back doors. It gives a more detai...
High Performance Cloud Computing
Abstract- HPC applications nowadays are gaining huge attention in cloud computing arena. Majority of the HPC applications are used for scientific applications or purposes. They require huge CPU usage and tremendous data...
Review on Recycled Concrete Aggregates
This review paper focuses on the mechanical and durability properties of concrete made with recycled concrete aggregates (RCA). Various techniques used by researchers: 1) replacing the proportion of normal aggregates by...