Analysis of Software Vulnerabilities, Measures for Prevention and Protection and Security Testing

2021 ◽  
Author(s):  
Ognian Nakov ◽  
Roumen Trifonov ◽  
Galya Pavlova ◽  
Plamen Nakov
Keyword(s):  
Security Testing ◽  
Software Vulnerabilities

Techniques and Trends Towards Various Dimensions of Robust Security Testing in Global Software Engineering

2019 ◽  
pp. 219-251
Author(s):  
Muhammad Sulleman Memon ◽  
Mairaj Nabi Bhatti ◽  
Manzoor Ahmed Hashmani ◽  
Muhammad Shafique Malik ◽  
Naveed Murad Dahri
Keyword(s):  
Complete Analysis ◽  
Security Testing ◽  
Safety Issues ◽  
Software Vulnerabilities ◽  
Security Issues ◽  
Evaluation Strategies ◽  
Software Program ◽  
High Level ◽  
Technical Assessment ◽  
Global Software Engineering

With the growth of software vulnerabilities, the demand for security integration is increasingly necessary to more effectively achieve the goal of secure software development globally. Different practices are used to keep the software intact. These practices should also be examined to obtain better results depending on the level of security. The security of a software program device is a characteristic that permeates the whole system. To resolve safety issues in a software program security solutions have to be implemented continually throughout each web page. The motive of this study is to offer a complete analysis of safety, wherein protection testing strategies and equipment can be categorized into: technical evaluation strategies and non-technical assessment strategies. This study presents high-level ideas in an easy form that would help professionals and researchers solve software security testing problems around the world. One way to achieve these goals is to separate security issues from other enforcement issues so that they can be resolved independently and applied globally.

Techniques and Trends Towards Various Dimensions of Robust Security Testing in Global Software Engineering

2022 ◽  
pp. 1245-1271
Author(s):  
Muhammad Sulleman Memon ◽  
Mairaj Nabi Bhatti ◽  
Manzoor Ahmed Hashmani ◽  
Muhammad Shafique Malik ◽  
Naveed Murad Dahri
Keyword(s):  
Complete Analysis ◽  
Security Testing ◽  
Safety Issues ◽  
Software Vulnerabilities ◽  
Security Issues ◽  
Evaluation Strategies ◽  
Software Program ◽  
High Level ◽  
Technical Assessment ◽  
Global Software Engineering

With the growth of software vulnerabilities, the demand for security integration is increasingly necessary to more effectively achieve the goal of secure software development globally. Different practices are used to keep the software intact. These practices should also be examined to obtain better results depending on the level of security. The security of a software program device is a characteristic that permeates the whole system. To resolve safety issues in a software program security solutions have to be implemented continually throughout each web page. The motive of this study is to offer a complete analysis of safety, wherein protection testing strategies and equipment can be categorized into: technical evaluation strategies and non-technical assessment strategies. This study presents high-level ideas in an easy form that would help professionals and researchers solve software security testing problems around the world. One way to achieve these goals is to separate security issues from other enforcement issues so that they can be resolved independently and applied globally.

scholarly journals Development of a fuzzy GERT-model for investigating common software vulnerabilities

2021 ◽  
Vol 6 (2 (114)) ◽  
pp. 6-18
Author(s):  
Serhii Semenov ◽  
Liqiang Zhang ◽  
Weiling Cao ◽  
Serhii Bulba ◽  
Vira Babenko ◽  
...  
Keyword(s):  
Structural Model ◽  
Reference Model ◽  
Security Testing ◽  
Software Vulnerabilities ◽  
Intermediate Data ◽  
Extended Range ◽  
Mathematical Formalization ◽  
Gert Network ◽  
Fuzzy Network ◽  
Analytical Expressions

This paper has determined the relevance of the issue related to improving the accuracy of the results of mathematical modeling of the software security testing process. The fuzzy GERT-modeling methods have been analyzed. The necessity and possibility of improving the accuracy of the results of mathematical formalization of the process of studying software vulnerabilities under the conditions of fuzziness of input and intermediate data have been determined. To this end, based on the mathematical apparatus of fuzzy network modeling, a fuzzy GERT model has been built for investigating software vulnerabilities. A distinctive feature of this model is to take into consideration the probabilistic characteristics of transitions from state to state along with time characteristics. As part of the simulation, the following stages of the study were performed. To schematically describe the procedures for studying software vulnerabilities, a structural model of this process has been constructed. A "reference GERT model" has been developed for investigating software vulnerabilities. The process was described in the form of a standard GERT network. The algorithm of equivalent transformations of the GERT network has been improved, which differs from known ones by considering the capabilities of the extended range of typical structures of parallel branches between neighboring nodes. Analytical expressions are presented to calculate the average time spent in the branches and the probability of successful completion of studies in each node. The calculation of these probabilistic-temporal characteristics has been carried out in accordance with data on the simplified equivalent fuzzy GERT network for the process of investigating software vulnerabilities. Comparative studies were conducted to confirm the accuracy and reliability of the results obtained. The results of the experiment showed that in comparison with the reference model, the fuzziness of the input characteristic of the time of conducting studies of software vulnerabilities was reduced, which made it possible to improve the accuracy of the simulation results.

Security Test by using F T M and Data Allocation Strategies on Leakage Detection

2005 ◽  
Vol 4 (2) ◽  
pp. 393-400
Author(s):  
Pallavali Radha ◽  
G. Sireesha
Keyword(s):  
Third Party ◽  
Distributed Data ◽  
Data Allocation ◽  
Security Testing ◽  
Sensitive Data ◽  
Sample Data ◽  
The One ◽  
Security Test ◽  
Data Request ◽  
Allocation Strategies

The data distributors work is to give sensitive data to a set of presumably trusted third party agents.The data i.e., sent to these third parties are available on the unauthorized places like web and or some ones systems, due to data leakage. The distributor must know the way the data was leaked from one or more agents instead of as opposed to having been independently gathered by other means. Our new proposal on data allocation strategies will improve the probability of identifying leakages along with Security attacks typically result from unintended behaviors or invalid inputs.  Due to too many invalid inputs in the real world programs is labor intensive about security testing.The most desirable thing is to automate or partially automate security-testing process. In this paper we represented Predicate/ Transition nets approach for security tests automated generationby using formal threat models to detect the agents using allocation strategies without modifying the original data.The guilty agent is the one who leaks the distributed data. To detect guilty agents more effectively the idea is to distribute the data intelligently to agents based on sample data request and explicit data request. The fake object implementation algorithms will improve the distributor chance of detecting guilty agents.

Security Testing on Web Based Application

2018 ◽  
Vol 6 (12) ◽  
pp. 553-557
Author(s):  
A. Punitha ◽  
D. Sukanya Bai ◽  
K. Lavanya
Keyword(s):  
Security Testing ◽  
Web Based

scholarly journals Sifu - a cybersecurity awareness platform with challenge assessment and intelligent coach

Cybersecurity ◽  
2020 ◽  
Vol 3 (1) ◽  
Author(s):  
Tiago Espinha Gasiba ◽  
Ulrike Lechner ◽  
Maria Pinto-Albuquerque
Keyword(s):  
Real Life ◽  
Critical Infrastructures ◽  
Automatic Assessment ◽  
Software Developers ◽  
Software Vulnerabilities ◽  
Secure Coding ◽  
Industrial Software ◽  
Industrial Standards ◽  
Coding Guidelines ◽  
Industrial Context

AbstractSoftware vulnerabilities, when actively exploited by malicious parties, can lead to catastrophic consequences. Proper handling of software vulnerabilities is essential in the industrial context, particularly when the software is deployed in critical infrastructures. Therefore, several industrial standards mandate secure coding guidelines and industrial software developers’ training, as software quality is a significant contributor to secure software. CyberSecurity Challenges (CSC) form a method that combines serious game techniques with cybersecurity and secure coding guidelines to raise secure coding awareness of software developers in the industry. These cybersecurity awareness events have been used with success in industrial environments. However, until now, these coached events took place on-site. In the present work, we briefly introduce cybersecurity challenges and propose a novel platform that allows these events to take place online. The introduced cybersecurity awareness platform, which the authors call Sifu, performs automatic assessment of challenges in compliance to secure coding guidelines, and uses an artificial intelligence method to provide players with solution-guiding hints. Furthermore, due to its characteristics, the Sifu platform allows for remote (online) learning, in times of social distancing. The CyberSecurity Challenges events based on the Sifu platform were evaluated during four online real-life CSC events. We report on three surveys showing that the Sifu platform’s CSC events are adequate to raise industry software developers awareness on secure coding.

Sign in / Sign up

Export Citation Format

Share Document