PURITY: A Planning-based secURITY Testing Tool

Author(s):  
Josip Bozic ◽  
Franz Wotawa
2021 ◽  
Vol 11 (1) ◽  
pp. 1-14
Author(s):  
Sandy Sandy ◽  
Hanhan Hanafiah Solihin

Universitas Sangga Buana is an educational institution that continues to develop the following technological advances by creating an e-learning system for students to facilitate distance learning. This system is relatively new and still being developed, allowing there are still many gaps that others can exploit, especially on the security side of the system. To reduce system security vulnerabilities and data loss risks, it is necessary to conduct an audit of the e-learning system at the Universitas Sangga Buana. The stages used to determine security system vulnerabilities and risk management in e-learning systems use the NIST framework and the Acunetix application as a system security testing tool. The final result of the e-learning system audit is that the e-learning system of the University of Sangga Buana is at a reasonable level with no high system vulnerabilities found and well-implemented risk management.


Author(s):  
Muhammad A. Lawal and Mostaf A. Saleh

NoSQL systems are becoming more popular due to their inherent advantages and the solutions they provide to the limits of a relational database. However, despite their benefits, they come with security challenges. In this paper, an input validation mechanism architecture is proposed for MongoDB to detect and prevent NoSQL injection attacks. The mechanism employs a Deterministic Finite Automaton (DFA) approach to detect and prevent attacks on NoSQL systems. Furthermore, a security comparison of some NoSQL systems is provided based on recent literature. The security features compared are authentication, authorization, data encryption and input validation. The proposed mechanism will improve the security of the MongoDB system because invalid input requests will be detected and prevented from being processed.


2013 ◽  
Vol 39 (7) ◽  
pp. 2233-2242 ◽  
Author(s):  
Li-Han Chen ◽  
Fu-Hau Hsu ◽  
Yanling Hwang ◽  
Mu-Chun Su ◽  
Wei-Shinn Ku ◽  
...  

2005 ◽  
Vol 4 (2) ◽  
pp. 393-400
Author(s):  
Pallavali Radha ◽  
G. Sireesha

The data distributor's work is to give sensitive data to a set of presumably trusted third-party agents. The data sent to these third parties are available in unauthorized places like the web and/or someone's systems, due to data leakage. The distributor must know the way the data was leaked from one or more agents, as opposed to having been independently gathered by other means. Our new proposal on data allocation strategies will improve the probability of identifying leakages along with Security attacks typically result from unintended behaviors or invalid inputs. Due to too many invalid inputs in real-world programs, security testing is labor intensive. The most desirable thing is to automate or partially automate the security-testing process. In this paper we present a Predicate/Transition nets approach for automated generation of security tests by using formal threat models to detect the agents using allocation strategies without modifying the original data. The guilty agent is the one who leaks the distributed data. To detect guilty agents more effectively, the idea is to distribute the data intelligently to agents based on sample data requests and explicit data requests. The fake object implementation algorithms will improve the distributor's chance of detecting guilty agents.

