A Database of Existing Vulnerabilities to Enable Controlled Testing Studies

2017 ◽  
Vol 8 (3) ◽  
pp. 1-23
Author(s):  
Sofia Rei ◽  
Rui Abreu

From holding worldwide companies' information hostage to keeping several distributed systems down for hours, the last years were marked by several security attacks which are the result of complex software and its fast production. There are already tools which can be used to help companies detect vulnerabilities responsible for such attacks. However, their reliability is still not the best and well discriminated. In software testing, researchers tend to use hand-seeded test cases or mutations due to the challenges involved in the extraction or reproduction of real test cases which might not be suitable for testing techniques, since both approaches can create samples that inadvertently differ from the real vulnerabilities and thus might lead to misleading assessments of the tools' capabilities. The lack of databases of real security vulnerabilities is an issue since it hampers the tools' evaluation and categorization. To study these tools, the researchers created a database of 682 real test cases which is the outcome of mining 248 repositories for 16 different vulnerability patterns.

Author(s):  
SIRA VEGAS ◽  
NATALIA JURISTO ◽  
VICTOR BASILI

One of the main problems in software testing is the development of a suitable set of test cases so that the effectiveness of the test is maximised with a minimum number of test cases. A lot of testing techniques are now available for developing test cases. However, some of them are misused, others are never used and only a few are applied again and again. When developers have to decide what testing technique(s) they should use in a project, they have little (if any) experiential information about the available testing techniques, their usefulness and, in general, how suited they are to the project. This paper presents the results of developing a characterization scheme for test technique selection. When instantiated for different techniques, the scheme should provide developers with enough information for choosing the best suited to their project. Thus, their decisions would be based on sound knowledge of the techniques, instead of perceptions, suppositions and assumptions.


2013 ◽  
Vol 11 (1) ◽  
pp. 2150-2155
Author(s):  
Mohit Kumar ◽  
Geetika Gandhi ◽  
Sushil Garg

Software testing is a verification and validation process aimed at evaluating a program and ensuring that it meets the required result. The main goal of software testing is to uncover the errors in software. So the main aim of test cases is to derive a set of tests that have the highest probability of finding bugs. There are many approaches to software testing, but effective testing of any software product is essentially a tough process. It is nearly impossible to find all the errors in the program. The major problem in testing is what would be the strategy that we should adopt for testing. Thus, the selection of the right strategy at the right time will make the software testing efficient and effective. In this paper I have described software testing techniques which are classified by purpose.


Author(s):  
Yogesh Dev Singh

Testing is broadly classified into three levels: Unit Testing, Addition Testing, and System Testing. Whenever we think of developing any software we always concentrate on making the software bug free and most reliable. At this point of time, testing is used to make the software bug free. Software testing has been measured as the most important stage of the software development life cycle. Around 60% of resources and money are cast-off for the testing of software. Testing can be manual or automated. Software testing is an activity that emphases at assessing the competence of a program and commands that it truly meets the excellence results. There are many test cases that help in detecting the bugs, so in this paper we describe the most commonly used test cases and testing techniques for error detection.


2014 ◽  
Vol 13 (7) ◽  
pp. 4633-4637
Author(s):  
Gurpreet Kaur ◽  
Mrs. Gaganpreet Kaur

Software testing is a very important phase in any development life cycle. Test case generation is a critical task in any type of testing. The automation of test case generation is necessary to reduce the cost and effort incurred in the testing of large software. Testing of BPEL processes is a new area of research, and the automation of the test cases is necessary in order to find bugs in the processes and reduce the cost of testing business processes. This paper focuses on a survey of the testing techniques used to test BPEL processes.


2021 ◽  
Vol 37 (1-4) ◽  
pp. 1-30
Author(s):  
Vincenzo Agate ◽  
Alessandra De Paola ◽  
Giuseppe Lo Re ◽  
Marco Morana

Multi-agent distributed systems are characterized by autonomous entities that interact with each other to provide, and/or request, different kinds of services. In several contexts, especially when a reward is offered according to the quality of service, individual agents (or coordinated groups) may act in a selfish way. To prevent such behaviours, distributed Reputation Management Systems (RMSs) provide every agent with the capability of computing the reputation of the others according to direct past interactions, as well as indirect opinions reported by their neighbourhood. This last point introduces a weakness on gossiped information that makes RMSs vulnerable to malicious agents intent on disseminating false reputation values. Given the variety of application scenarios in which RMSs can be adopted, as well as the multitude of behaviours that agents can implement, designers need RMS evaluation tools that allow them to predict the robustness of the system to security attacks, before its actual deployment. To this aim, we present a simulation software for the vulnerability evaluation of RMSs and illustrate three case studies in which this tool was effectively used to model and assess state-of-the-art RMSs.


Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Yu Zhang ◽  
Wei Huo ◽  
Kunpeng Jian ◽  
Ji Shi ◽  
Longquan Liu ◽  
...  

SOHO (small office/home office) routers provide services for end devices to connect to the Internet, playing an important role in cyberspace. Unfortunately, security vulnerabilities pervasively exist in these routers, especially in the web server modules, greatly endangering end users. To discover these vulnerabilities, fuzzing web server modules of SOHO routers is the most popular solution. However, its effectiveness is limited due to the lack of input specification, lack of routers’ internal running states, and lack of testing environment recovery mechanisms. Moreover, existing works for device fuzzing are more likely to detect memory corruption vulnerabilities. In this paper, we propose a solution, ESRFuzzer, to address these issues. It is a fully automated fuzzing framework for testing physical SOHO devices. It continuously and effectively generates test cases by leveraging two input semantic models, i.e., KEY-VALUE data model and CONF-READ communication model, and automatically recovers the testing environment with power management. It also coordinates diversified mutation rules with multiple monitoring mechanisms to trigger multi-type vulnerabilities. With the guidance of the two semantic models, ESRFuzzer can work in two ways: general mode fuzzing and D-CONF mode fuzzing. General mode fuzzing can discover both issues which occur in the CONF and READ operation, while D-CONF mode fuzzing focuses on the READ-op issues especially missed by general mode fuzzing. We ran ESRFuzzer on 10 popular routers across five vendors. In total, it discovered 136 unique issues, 120 of which have been confirmed as 0-day vulnerabilities we found. As an improvement of SRFuzzer, ESRFuzzer has discovered 35 previously undiscovered READ-op issues that belong to three vulnerability types, and 23 of them have been confirmed as 0-day vulnerabilities by vendors. The experimental results show that ESRFuzzer outperforms state-of-the-art solutions in terms of types and number of vulnerabilities found.


2021 ◽  
Vol 17 (3) ◽  
pp. 1-38
Author(s):  
Lauren Biernacki ◽  
Mark Gallagher ◽  
Zhixing Xu ◽  
Misiker Tadesse Aga ◽  
Austin Harris ◽  
...  

There is an increasing body of work in the area of hardware defenses for software-driven security attacks. A significant challenge in developing these defenses is that the space of security vulnerabilities and exploits is large and not fully understood. This results in specific point defenses that aim to patch particular vulnerabilities. While these defenses are valuable, they are often blindsided by fresh attacks that exploit new vulnerabilities. This article aims to address this issue by suggesting ways to make future defenses more durable based on an organization of security vulnerabilities as they arise throughout the program life cycle. We classify these vulnerability sources through programming, compilation, and hardware realization, and we show how each source introduces unintended states and transitions into the implementation. Further, we show how security exploits gain control by moving the implementation to an unintended state using knowledge of these sources and how defenses work to prevent these transitions. This framework of analyzing vulnerability sources, exploits, and defenses provides insights into developing durable defenses that could defend against broader categories of exploits. We present illustrative case studies of four important attack genealogies—showing how they fit into the presented framework and how the sophistication of the exploits and defenses have evolved over time, providing us insights for the future.


Mathematics ◽  
2021 ◽  
Vol 9 (15) ◽  
pp. 1779
Author(s):  
Wanida Khamprapai ◽  
Cheng-Fa Tsai ◽  
Paohsi Wang ◽  
Chi-En Tsai

Test case generation is an important process in software testing. However, manual generation of test cases is a time-consuming process. Automation can considerably reduce the time required to create adequate test cases for software testing. Genetic algorithms (GAs) are considered to be effective in this regard. The multiple-searching genetic algorithm (MSGA) uses a modified version of the GA to solve the multicast routing problem in network systems. MSGA can be improved to make it suitable for generating test cases. In this paper, a new algorithm called the enhanced multiple-searching genetic algorithm (EMSGA), which involves a few additional processes for selecting the best chromosomes in the GA process, is proposed. The performance of EMSGA was evaluated through comparison with seven different search-based techniques, including random search. All algorithms were implemented in EvoSuite, which is a tool for automatic generation of test cases. The experimental results showed that EMSGA increased the efficiency of testing when compared with conventional algorithms and could detect more faults. Because of its superior performance compared with that of existing algorithms, EMSGA can enable seamless automation of software testing, thereby facilitating the development of different software packages.


2016 ◽  
Vol 2016 ◽  
pp. 1-15 ◽  
Author(s):  
Kevin M. Betts ◽  
Mikel D. Petty

Autonomous systems must successfully operate in complex time-varying spatial environments even when dealing with system faults that may occur during a mission. Consequently, evaluating the robustness, or ability to operate correctly under unexpected conditions, of autonomous vehicle control software is an increasingly important issue in software testing. New methods to automatically generate test cases for robustness testing of autonomous vehicle control software in closed-loop simulation are needed. Search-based testing techniques were used to automatically generate test cases, consisting of initial conditions and fault sequences, intended to challenge the control software more than test cases generated using current methods. Two different search-based testing methods, genetic algorithms and surrogate-based optimization, were used to generate test cases for a simulated unmanned aerial vehicle attempting to fly through an entryway. The effectiveness of the search-based methods in generating challenging test cases was compared to both a truth reference (full combinatorial testing) and the method most commonly used today (Monte Carlo testing). The search-based testing techniques demonstrated better performance than Monte Carlo testing for both of the test case generation performance metrics: (1) finding the single most challenging test case and (2) finding the set of fifty test cases with the highest mean degree of challenge.

