Improvised Tool for Security Testing
Added on 2022/01/17
An Analytical Approach for Obtaining the Improvised Tool for Security Testing
Abstract
List of Figures
List of Tables
List of Abbreviations
TABLE OF CONTENTS
Chapter-1 Introduction
Chapter-2 Literature Review
Chapter-3 Methodology
Chapter-4 Experimental Procedure
Chapter-5 Analysis and Result
Chapter-6 Discussion
Chapter-7 Conclusion
References
1 CHAPTER-1 INTRODUCTION
In the field of software development, different types of programming languages are used for
designing software. In most cases, the developer chooses a programming language that is
not open-source. However, not all of them are suitable for creating the software.
Thus, in most cases, Java, C and Python are used for software development. This is
because all of them are suitable for creating executable files. However, executable files or software are
often exposed to attack by cybercriminals because of the vulnerability issues in them (Li, 2010).
Thus, after software is created or designed, security and functional testing are done to verify
the quality and health of the software.
Generally, open-source code is considered less secure, as it also uses open-source libraries
which are developed by third parties who do not disclose the internal operations of those
libraries. Such code can be easily hacked by attackers, as they will try to
penetrate the code surface and steal all the valuable and confidential information from the
code and server (Jinan et al., 2017). The sensitive issues are found in web frameworks and software
applications. Most web framework development is done using Java and Python (Flask or Django), which are
open source. The backend of the database is designed based on the required data storage.
Thus, the identification and detection of vulnerabilities are essential for such software and backend
code. Different tools are available to check for vulnerabilities in
source code. In this project, some tools will be identified with which the code will be tested for
vulnerabilities.
1.1 VULNERABILITIES
Software vulnerabilities in a given piece of code are the flaws or weaknesses that are present in that code.
These are often caused by a flaw, glitch or weakness present in the software through which
the code has been written (Hou et al., 2018). To write and design sophisticated code, the flaws
that are the vulnerabilities should be prevented. However, to protect the code from vulnerabilities, the
cause and behaviour of all of the possible vulnerabilities need to be identified. Code
vulnerabilities can be found both manually and with the application of tools. However, not all of the
vulnerabilities can be found through a manual search. Thus, tools are required through which
the vulnerabilities can be found. There are different vulnerabilities present in Python, which is an
open-source coding language (Dhivvya et al., 2019). Some of the important vulnerabilities in Python
code are listed below:
Insufficient Logging and Monitoring: This is one of the dangerous vulnerabilities, which
causes breaches of or tampering with the data that are accessed by Python and stored in the
backend database.
Injection Flaws: These occur when untrusted data is sent as part of a command or query to a
remote location or port. The cybercriminals then try to attack by applying a sophisticated
trick to the targeted system using unintended commands (Klyokta et al., 2019).
Sensitive Data Exposure: Flaws in credential management, such as the handling of the username and
password, will incur a significant loss to the user.
Cross-Site Scripting Flaws: This is a type of risk in web scripts which
cybercriminals use to target a web page, steal all the data from it and create a new web
page. On that new web page, the same content is replicated, which distracts the users
(Katole et al., 2018).
Broken Authentication: This is another type of vulnerability through which user
credentials can be stolen, as the code does not provide the integral measures to save the
credentials securely.
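As an added example (not part of the original dissertation or of any tool it evaluates), the sketch below shows how a static check for the injection flaws described above can be written with Python's standard `ast` module. The sample source, the sink lists and the rule names are constructed for illustration and are assumptions, not a complete rule set.

```python
import ast

# Constructed sample (not from the original document): each risky statement is
# followed by a hardened equivalent that the checker must leave unflagged.
SAMPLE = '''
import sqlite3, subprocess

def find_user(conn, name):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '%s'" % name)
    cur.execute("SELECT * FROM users WHERE name = ?", (name,))
    return cur.fetchall()

def ping(host):
    subprocess.run("ping -c 1 " + host, shell=True)
    subprocess.run(["ping", "-c", "1", host])

def calc(expr):
    return eval(expr)
'''

# Hypothetical sink lists chosen for this example (heuristic, name-based).
SQL_SINKS = {"execute", "executemany", "executescript"}
OS_SINKS = {"system", "popen"}                      # os.system / os.popen
SUBPROCESS_SINKS = {"run", "call", "check_call", "check_output", "Popen"}
CODE_SINKS = {"eval", "exec"}


def call_name(func):
    """Return the called name: 'execute' for cur.execute, 'eval' for eval."""
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return None


def builds_string(node):
    """True if the expression assembles a string from non-literal parts."""
    if isinstance(node, ast.JoinedStr):             # f"...{x}..."
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        # "a" + "b" is harmless; anything involving a non-literal is dynamic.
        return not (isinstance(node.left, ast.Constant)
                    and isinstance(node.right, ast.Constant))
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"           # "...{}".format(x)
    return False


def has_shell_true(call):
    """True if the call passes the literal keyword argument shell=True."""
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in call.keywords)


def find_injection_risks(source):
    """Return a sorted list of (line, rule) for injection-prone calls."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        name, first = call_name(node.func), node.args[0]
        literal = isinstance(first, ast.Constant)
        if name in SQL_SINKS and builds_string(first):
            # Query text built from variables instead of bound parameters.
            findings.append((node.lineno, "sql-injection"))
        elif not literal and (name in OS_SINKS or
                              (name in SUBPROCESS_SINKS and has_shell_true(node))):
            # Non-literal command line handed to a shell.
            findings.append((node.lineno, "command-injection"))
        elif (isinstance(node.func, ast.Name) and name in CODE_SINKS
              and not literal):
            # eval/exec on anything that is not a literal.
            findings.append((node.lineno, "code-injection"))
    return sorted(findings)


if __name__ == "__main__":
    for line, rule in find_injection_risks(SAMPLE):
        print(f"line {line}: {rule}")
```

The checker has no data-flow tracking, so a query assembled in a variable on an earlier line and then passed to `execute()` is not reported; that limitation is one reason the results of several tools are worth comparing.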
1.2 SOFTWARE SYSTEM VULNERABILITIES
<1000 WORDS>
USE THIS LINK FOR REF: https://www.compuquip.com/blog/computer-security-vulnerabilities
1.2.1 Types of Security Vulnerability
Hidden Backdoor Programs
Admin Account Privileges
Automated Running of Scripts
Unknown Security Bugs in Software
1.3 AIM AND OBJECTIVES
This dissertation aims to detect the vulnerabilities in code. In this context, Python has been selected
as the language whose code will be tested for vulnerabilities. The detection of the vulnerabilities will be done
through the application of tools that will be chosen in this context. To fulfil the aim, the following
objectives have been set:
1. In this research, some tools used for checking source code vulnerabilities will first be
identified. The tools will be chosen such that some of them work on the
Linux operating system and others operate on Windows as well. So, the source
code testing will be done on both operating systems (Penta et al., 2008).
2. After the choice of tools, Python source code that may include vulnerabilities
will be collected. This selected code will be checked for vulnerabilities with the
selected tools.
3. There may be some vulnerabilities that are not detected using a certain tool but are detected
using another tool. So, the check for vulnerabilities will be done using all of the selected
tools (Zimmermann et al., 2010).
4. Next, the vulnerabilities will be checked and compared on the Windows operating system and
the Linux operating system (Kanashiro et al., 2017).
5. Finally, the tool will be designed by taking the operating idea of the tools used to detect the
vulnerabilities of source code.
With those aims, the project will be conducted with in-depth analysis to check for vulnerabilities
and to fix them using multiple tools.
1.4 RESEARCH QUESTIONS
The research questions that have been taken into consideration in this research are:
RQ1: What is the best way to detect security vulnerabilities in source code that is selected to be under
test?
RQ2: How to rank software security testing tools from the list of tools selected for research for
selected source code?
RQ3: How can one identify critical types of vulnerabilities in a Python-written system using static code
analysis?
2 CHAPTER-2 LITERATURE REVIEW
As stated by (Núñez et al., 2020), a large number of cyberattacks happen each day. The
disclosure of weak systems accelerates the spread of computer assaults with catastrophic
repercussions, mainly when directed at critical infrastructures, industrial activities, or Internet
of Things devices. Traditional software development methods take a proactive strategy,
delegating security tasks to the later phases of the programme life cycle. Nonetheless,
software development models should incorporate functionality as well as aggressive
responses to security issues. Such techniques take into account security operations that span
the entire software development phase. The figure below compares all of the models'
commonalities and contrasts using a Venn Euler diagram.
Figure: Comparison of the studied models
Although conventional models have shown their usefulness, they have some flaws, primarily
the result of a reactive mindset in which the goal is to cure security problems rather than
avoid them. All these are a few of the explanations for why such models have become
obsolete. The new model incorporates the improved security actions of such well-known
models and other security jobs while eliminating the shortcomings of the existing framework
and taking a proactive approach. Therefore, the new tasks contained in the Viewnext-UEx
model allow for the avoidance of weaknesses, the performance of empirical reporting, and
the tracking of the software's security state mostly during the development phase. The
Viewnext-UEx model has been validated using real-world data. According to the research
study, the amount of identified weaknesses has decreased by 66 percent. Vulnerabilities' risk
level is also significantly reduced. This results in noticeable cost savings and delays, which
are especially apparent in the later development stages. The security and reliability of
programming are improved, as is development efficiency.
As stated by (Al-Zahrani, 2020), the reason for the continuously growing data thefts is a lack
of available security forces in software nowadays. Regrettably, more significant ICT usage
has resulted in an unprecedented surge in security breaches and information pilferage.
People's and organisations' digital (data) resources are incredibly vulnerable. The rising use
of switches as well as other electronic objects, as well as the abundance of digital information
flow, has dramatically enhanced usable-security requirements. In real-world problems, fuzzy
logic is instrumental, especially when we cannot determine whether a given approach is
absolutely legitimate or completely untrue. Fuzzy logic is similar to human thinking and
effectively overcomes inaccuracies and uncertainty in decision-making. An analysis of
previous high-quality research articles and other trustworthy reliable sources can be used for
attribute identification and choosing for usable-security evaluations for healthcare
management system apps.
Figure: Usable-security attributes
In this research, the software company's aim of offering usable security agencies is built on
fuzzy ANP-TOPSIS. One such methodology is an essential MCDM technique. In
collaboration with ANP, Fuzzy is used in the ANP network to evaluate component values and
their compliance with one another. Lastly, the TOPSIS technique was used to sort the
alternatives. Alternative HMSSS1 gives maximum customer enjoyment while maintaining
optimal health. The suggested evaluation method might aid doctors in developing high-
quality items with the required level of usable security for internet-based hospital
management systems.
According to (Wang et al., 2018), the security protection of information faces serious issues.
It is a universal truth that the information interaction, as well as the transmission, is always at
risk in the life cycle of software testing procedures. It has been recognized that the specificity
along with its sensitive data regarding the industry, which is confined in software, can easily
lead to some hidden security dangers. There are various kinds of security dangers, such as
copying, tampering with information, interception, and many others. The main issues which
arise because of security events are data loss and leakage of information, the
spread of viruses in software data, and many others. The information software system has
some specific aims by which it can give assurance regarding the safety of
documentation. The study paper reflects that authenticity of the document,
confidentiality of the data stored in the software, the integrity of the
specific document, availability, controllability, recognition and non-repudiation are some of the
most significant features that need to be included in information security software. It
has been identified that a huge amount of test data, as well as documents that are interlinked
with the private data of the software under test, is formed in the course of software tests.
Information security has a significant role for sensitive data, as it helps to maintain the privacy
policy adequately. The paper states that, to meet the demand for
information security, the whole information is analyzed at the time of testing and
then adjusted with respect to information security, and lastly the information security issues
are discussed in the methodology of the software test. The procedure of software testing
involves various concepts such as requirement analysis, test planning, test design,
implementation of the design, execution of the test, and many others. Every individual testing
procedure is required for information security protection. The study paper clearly shows
that, in the phase of test requirement analysis, most of the time the test group gets the
test object of the assignee. After receiving the object, the test in-charge distributes the test object
to test members as per the division of the project. It has some important features, such as
ensuring the privacy policy of test objects in storage as well as distribution.
As stated by (Yang et al., 2009), fuzz testing is a well-known technology for finding
privacy vulnerabilities in software. It has been seen that traditional fuzz testing
applications use unsystematic inputs and observe the outcome. This research paper
presents a model-based fuzz framework, which is mainly for systematic
automated testing of a Trusted Software Stack implementation. In recent years, trusted
computing has become one of the most efficient applications in the field of information
privacy policy. The study paper also reflects that a series of technical
specifications regarding TCM, TNC, and many others are established by the Trusted
Computing Group. On the other hand, the hardware Trusted Platform Module
offers an individual PC a secure framework that is able to store secret data. Similarly, it
also helps to generate cryptographic keys and to apply cryptographic functions like
encryption and digital signatures. Additionally, trusted computing has a mechanism
known as remote attestation, which helps to obtain cryptographically
strong guarantees regarding the state of a remote platform. The configuration of the platform,
the running software and the recognition of its users are involved in this kind of
authenticity. This indicates that trusted computing can increase platform security
effectively. In other words, violations of the security code and kinds of security failure
make an impact on the security vulnerabilities that are found in software code. The study
paper also reflects that buffer overflow, integer overflow and many other
issues can arise because of a security violation. There is a basic procedure for
checking the accuracy of software code, which is known as security testing. The study paper
aims to reflect the reliability as well as security of the TCG which is issued by the
project of Danity. The model-based fuzz framework has been introduced in the paper
adequately, and it helps to recognize numerous vulnerabilities in the implementation
of the Trusted Software Stack. The structure is mainly based on the testing procedure of
BlackBox fuzz, test algorithm, and many others. It is also identified in the study paper
that proper and in-depth testing can be done with the help of smart generation and
various semantic-aware test cases. The detection of programming bugs and the
elimination of those bugs assure the users of high-quality privacy. A traversal algorithm, a test
algorithm and a generic algorithm have been used in the article.
As mentioned by (Parizi et al., 2018), the upward growth of the software industry has an
immense impact on the world economy, as the usage of software has become incomparable in the
modern world. On the other hand, the consistent growth of this industry has attracted a mass
of people and has also increased the number of cybercriminals and of attacks by
cybercriminals. Producing reliable as well as secure software has become tougher recently
because of its growing complexity and the increasing number of sophisticated attacks.
Software developers cannot assure that the security measures of their applications are
impenetrable. Therefore there is always a matter of risk in terms of the privacy policy of
the software. The study paper reflects that the range of computing has helped to lengthen the
dependency of society on securing software applications in order to ensure national security
policy as well as safety. On the other hand, the excessive spread of cyber attacks tends to
pose serious challenges to MNCs, companies, individuals, and, most importantly, countries.
Security vulnerabilities emerge as the development of a software application progresses. It
is recognized that a perimeter, or a procedure of defending against this fraud, is not
enough, because most of the time the perimeter fades away under continuous integration and
delivery. Therefore it can be stated that passive defense is insufficient for countering
dynamic-behavior vulnerabilities. This dynamic nature may be used by attackers to get past
the privacy measures. Software security plays a major role across the numerous perspectives
of cyber security. The study paper also shows the
aspect that cyber vulnerabilities have a negative impact, as they damage the
cyber-infrastructure of modern society as well as the economy. It can be stated that software
security testing is one of the efficient procedures for discovering the risks and
vulnerabilities of an application along with its data. Additionally, the study paper reflects
that many engineers lack awareness of security vulnerabilities. This is one of the major
causes of trouble in software application privacy, as the lack of knowledge leads to
mistakes.
As compared by (Hui et al., 2010), software applications have recently faced various kinds of
issues. The main reasons identified for those issues are the complex usage of web
applications, the examining procedure for traditional functions, and many others. As a
result, the number of reported web application vulnerabilities is huge and is increasing
massively. The study paper presents an effective software security testing (SST) model, which
helps to illustrate the traditional security examining process. This software security
testing helps with defect behavior analysis that incorporates the benefits of traditional
examining procedures. The arrival of the internet age may have led improvers to collectively
acknowledge that all applications need to be private as well as safe. In reality, this does
not take place. The detection of SSD requires a defined algorithm that detects the paths
using a dedicated procedure. This is achieved with the help of the PRI metric algorithm. It
has also been seen that three algorithms are used here to create test instances along with
coverage criteria. These criteria cover not only safety mechanisms and latent security
defects but also the mechanism of a traditional repair. Additionally, a case study has been
framed in this research paper as a reference for the security testing. On the other hand, it
is recognized that the framework is the MTR system, which is a typical
B/S web application. Its main feature is to provide the data flow graph. The PRI-metric
algorithm and the define algorithm have been used in this research paper.
As stated by (Cai et al., 2015), software vulnerabilities are marked as one of the major
reasons for network security problems. Software security examination has become an
incomparable part of secure software improvement. On the other hand, fuzzing has been
verified to be a dynamic and efficient approach. It is divided into numerous parts based on
the target. Therefore it is nominated as the software security testing procedure. This study
paper presents a guided fuzzing approach that is based on dynamic taint analysis. This
analysis is used to evaluate security testing of network protocol software. The approach
helps to recognize the privacy-sensitive features of target applications that are affected by
network packets, and it does so through dynamic taint analysis. It also helps to generate
test cases. It is evident that in recent times the Internet has become one of the most
important infrastructures of the information society. During this time network security has
also become more essential than before, as it maintains the privacy policy of the users. The
study paper also reflects that software vulnerabilities are one of the major reasons for
network security problems. The research shows that most network attacks take place because of
such vulnerabilities. Malicious attackers can harm the network system immensely, therefore it
is important to take care of that. The research paper gives preference to the taint analysis
procedure.
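The taint-guided test generation summarised above from (Cai et al., 2015) can be illustrated with a small Python model. This is an added example, not code from that paper or from this study; the packet layout, the 16-byte buffer, the `Tainted` class and all function names are assumptions made for the illustration.

```python
MAGIC = b"\xab\xcd"                      # constructed protocol magic
BUF_SIZE = 16                            # fixed buffer the toy target copies into
BOUNDARIES = (0, BUF_SIZE - 1, BUF_SIZE, BUF_SIZE + 1, 255)
SEED = MAGIC + bytes([2, 4]) + b"ABCD"   # constructed valid packet


class Tainted:
    """Integer that carries the set of input offsets it was derived from."""

    def __init__(self, value, offsets):
        self.value = value
        self.offsets = frozenset(offsets)

    def __add__(self, other):
        # Taint propagates through arithmetic: the sum depends on both operands.
        return Tainted(self.value + other.value, self.offsets | other.offsets)


def run_target(packet, sink_taint=None):
    """Instrumented toy parser for: magic(2) | hdr_len(1) | body_len(1) | payload.

    The copy into the fixed buffer is the security-sensitive operation. Its size
    argument is hdr_len + body_len and the toy target has no bounds check, so the
    instrumentation reports 'overflow' when that size exceeds BUF_SIZE.
    """
    data = [Tainted(b, {i}) for i, b in enumerate(packet)]
    if len(data) < 4 or bytes(t.value for t in data[:2]) != MAGIC:
        return "rejected"
    copy_size = data[2] + data[3]
    if sink_taint is not None:
        sink_taint.update(copy_size.offsets)   # record which bytes reached the sink
    return "overflow" if copy_size.value > BUF_SIZE else "ok"


def sensitive_offsets(seed):
    """Taint pass: run one valid seed and return the offsets that reach the sink."""
    reached = set()
    run_target(seed, reached)
    return reached


def fuzz(seed, offsets):
    """Put each boundary value at each chosen offset; return (cases run, findings)."""
    cases, findings = 0, []
    for off in sorted(offsets):
        for value in BOUNDARIES:
            case = bytearray(seed)
            case[off] = value
            cases += 1
            if run_target(bytes(case)) == "overflow":
                findings.append(bytes(case))
    return cases, findings


if __name__ == "__main__":
    tainted = sensitive_offsets(SEED)
    print("offsets reaching the copy size:", sorted(tainted))
    for label, offsets in (("guided", tainted), ("untargeted", range(len(SEED)))):
        cases, findings = fuzz(SEED, offsets)
        print(f"{label}: {cases} cases, {len(findings)} overflow findings")
```

Mutating only the tainted offsets reaches the same findings as mutating every byte with a quarter of the test cases, because mutations of the magic are rejected early and mutations of the payload never reach the copy size.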
As mentioned by (ISO/IEC/IEEE International Standard, 2013), national bodies that are members
of ISO or IEC can participate in the improvement of International Standards through technical
committees established by the respective organization. The main function of these committees
is to deal with specific fields of technical activity. The study paper reflects that ISO and
IEC technical committees collaborate for their interest. Similarly, there are other
individuals such as international organizations, governmental and non-governmental
organizations, who take part in the work in liaison with ISO and IEC. It is shown in the paper
that in the field of IT, a joint committee has been established by ISO and IEC. IEEE does not
have the authority to evaluate independently or verify the accuracy. IEEE does not warrant or
represent the accuracy or content of the material contained in its standard.
As mentioned by (Siboni et al., 2019), the IoT is an ecosystem that is accepted globally. It
is a technology in which information and communication technologies mainly aim to connect
various types of purposes, without any time barrier or any place barrier, through the
connection of the Internet. The study paper reflects that there is one significant issue
associated with the IoT: the heterogeneous nature of such deployments. It is recognized that
heterogeneity poses various types of unavoidable challenges. These issues arise mainly in the
areas of security and privacy. On the other hand, security testing along with device analysis
is known as the most difficult task. A learning algorithm, an authentication algorithm, and a
develop algorithm are mentioned in this article.
According to (Sánchez-Gómez et al., 2020), blockchain technology has advantages in numerous
domains and has the potential to restructure innumerable facets of society today. Blockchain
technology, built on distributed ledger technologies (DLT), is a network of cryptographically
connected blocks. This system enables tools for defining contracts by utilising smart
contracts, which are computer programmes that operate on blockchain networks without the need
for mediators. In the context of a legal arrangement, a smart contract aims to substitute the
printed document written in legal speak. The researchers defined a smart contract in this
work as a collection of rules, information, and methods. Such protocols use techniques to
automatically check that each requirement is met for each party/entity engaged in the
agreement. These contracts are generally wiser than document-based contracts in this regard,
since they proactively execute the responsibilities of the parties concerned.
Researchers outline the planning process of a smart contract system, which intends to build
smart contracts for diverse blockchain technology within that environment. They execute the
sequence and algorithms in a supply chain example utilising the modeling approach, UML, and
OCL (Object Constraint Language). Gathering requirements and, most importantly, software
testing are two of the most crucial components of smart contract advancement, but they have
been frequently disregarded. For instance, consider the software development life cycle,
which includes gathering requirements, analysing them, designing, creating, evaluating, and
delivering blockchain applications. Numerous Agile practices are used in the procedure. The
scientific community must support model-based architecture and model-based verification
because model-based software development allows for the detection of mistakes in code and
design. Model-based solutions can help enhance smart contract code verification by including
testing methodologies from the start of the SDLC.
As mentioned by (Ryoo et al., 2016), software safety has become increasingly critical as the
amount and variety of attacks against security flaws increase. Adopting security measures at
the beginning of the software development process ensures software security. Despite their
introduction, security tactics have indeed been accessible to operators for a long time. Many
professionals, meanwhile, are ignorant of the security approaches and depend on their
instincts and experiential learning from peers when attempting to solve issues about the
safety of their programme. Tactics serve as architectural construction blocks by establishing
primitives for a system design. Tactics explicitly address quality attributes like
reliability, configurability, safety, efficiency, accessibility, and testability.
Figure: Security tactics hierarchy
Although "cryptography" is classified as encryption, it also includes decryption and other
cyphers whose methods are needed to make encryption function. Whereas the guidelines may not
generate much more regarding the population sample, the application of cryptography itself is
rather significant in terms of population sample representations. Although most OSS projects
use security approaches in their preparation and management, the extent of their use is
relatively limited. That is, acceptance was limited to a specific set of techniques in the
tactics hierarchy, such as "encrypt data." Several methods were utilised infrequently or not
at all. This provides an opportunity for the OSS industry to investigate and consider
alternate, less often used security approaches for acceptance. This imbalanced deployment of
security techniques is attributable to a lack of expertise in protection strategies rather
than an intentional refusal to utilize specific security strategies.
As detailed by (Huang et al., 2019), blockchain, a decentralized and tamper-proof ledger, has
been presented as the perfect security system in numerous areas, including big data,
artificial intelligence (AI), the Internet of Things, and digital assets. Nevertheless,
blockchain technology itself is plagued by a slew of security concerns. Smart contract safety,
as seen below, is becoming increasingly important as the number of decentralised applications
running on blockchains grows, and it has piqued the interest of experts.
Figure: Number of attacks from both (a) different layers and (b) different components
Since many Ethereum contracts remain open-source, it is tricky to develop a reasonably strong
source of unpredictability in Ethereum. By using the associated block information, hackers
can readily guess the numbers produced by an algorithm that uses specific seeding. The number
of states and transitions in FSM-based techniques grows dramatically with contracts, making
this modeling approach unsuitable for complicated business requirements. Furthermore, even
though a logic-based method offers significant advantages in contract negotiation,
notarization, and compliance, it remains in the proof-of-concept phase. In blockchain
settings, the logic method algorithm is inefficient.
Furthermore, there is still significant room to improve their reliability, false-positive
ratio, and false-negative percentage in the vulnerability detection phase. Deep learning
could be beneficial in this regard. Furthermore, since newer security flaws occur regularly, a
practical code evaluation method must be extendable. Smart contracts are executed in a
decentralised environment in which flaws are difficult to repair. As a result, smart contracts
have numerous security risks based on security weaknesses and unusual behaviour.
Researchers exposed more theoretical and practical elements of smart contract security by
focusing on smart contract security from the standpoint of the application lifecycle.
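The point above about numbers seeded from block information can be shown with a short Python model, set beside a commit-reveal draw whose inputs are not public when the outcome is fixed. This is an added example, not code from (Huang et al., 2019) or from Ethereum; the field names, the sample values and the `CommitRevealDraw` class are assumptions.

```python
import hashlib
import secrets


def h(*parts):
    """SHA-256 over length-prefixed parts, so part boundaries are unambiguous."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.digest()


def block_seeded_draw(block_number, timestamp, sender, modulus):
    """Weak pattern: every input to the 'random' draw is public block or call data."""
    seed = h(str(block_number).encode(), str(timestamp).encode(), sender.encode())
    return int.from_bytes(seed, "big") % modulus


class CommitRevealDraw:
    """Two-phase draw: parties commit to H(secret, salt), then reveal.

    The output depends on secrets no observer knows while commitments are open.
    Known limitation: a party can still refuse to reveal, so real deployments add
    a deposit or a timeout; that part is not modelled here.
    """

    def __init__(self, modulus):
        self.modulus = modulus
        self.commitments = {}
        self.revealed = {}
        self.closed = False

    def commit(self, party, commitment):
        if self.closed or party in self.commitments:
            raise RuntimeError("commit phase is over or party already committed")
        self.commitments[party] = commitment

    def close(self):
        self.closed = True

    def reveal(self, party, secret, salt):
        if not self.closed:
            raise RuntimeError("reveals are only accepted after commitments close")
        if party not in self.commitments or h(secret, salt) != self.commitments[party]:
            raise ValueError("reveal does not match the commitment")
        self.revealed[party] = secret

    def result(self):
        if not self.closed or not self.revealed or set(self.revealed) != set(self.commitments):
            raise RuntimeError("every committed party must reveal first")
        combined = h(*(self.revealed[p] for p in sorted(self.revealed)))
        return int.from_bytes(combined, "big") % self.modulus


def run_draw(participants, modulus):
    """Drive one full round; participants maps name -> (secret, salt)."""
    draw = CommitRevealDraw(modulus)
    for name, (secret, salt) in participants.items():
        draw.commit(name, h(secret, salt))
    draw.close()
    for name, (secret, salt) in participants.items():
        draw.reveal(name, secret, salt)
    return draw.result()


if __name__ == "__main__":
    # Constructed public values, as every node and observer would see them.
    public = dict(block_number=1234567, timestamp=1700000000, sender="0xSENDER")
    print("contract draw:      ", block_seeded_draw(modulus=100, **public))
    print("observer recomputes:", block_seeded_draw(modulus=100, **public))
    parties = {n: (secrets.token_bytes(32), secrets.token_bytes(16)) for n in ("alice", "bob")}
    print("commit-reveal draw: ", run_draw(parties, 100))
```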
Author Data Objectives Algorithm Accuracy
(Wang et al.,
2018)
A discussion of
Information
Security
Protection in
Software Testing
The major
hazards of
software
information
collaboration
and transmission
via the life cycle
in software
testing method
Long Short-
Term
Memory
(LSTM
(Yang et al.,
2009)
A discussion on
A Model-Based
Fuzz Framework
to the Security
Testing of TCG
Software Stack
Implementations
To elaborates
the application
of model-based
fuzz framework
that can identity
numerous
weaknesses in
some form of
test algorithm
Googlenet
Network
ratio, and false-negative percentage in the vulnerabilities detection phase. Deep learning
could be beneficial in this regard. Furthermore, since newer security flaws occur regularly, a
practical code evaluation method must be extendable. Smart contracts are performed in a
decentralised environment that is difficult to repair for flaws. As a result, smart contracts
have numerous security risks based on security weaknesses and unusual behaviour.
Researchers exposed more theoretical and practical elements of smart contract security by
focusing on smart contract security from its standpoint of the application lifecycle.
Author Data Objectives Algorithm Accuracy
(Wang et al.,
2018)
A discussion of
Information
Security
Protection in
Software Testing
The major
hazards of
software
information
collaboration
and transmission
via the life cycle
in software
testing method
Long Short-
Term
Memory
(LSTM
(Yang et al.,
2009)
A discussion on
A Model-Based
Fuzz Framework
to the Security
Testing of TCG
Software Stack
Implementations
To elaborates
the application
of model-based
fuzz framework
that can identity
numerous
weaknesses in
some form of
test algorithm
Googlenet
Network
TSS application.
(Parizi et al.,
2018)
Benchmark
Requirements
for Assessing
Software
Security
Vulnerability
Testing Tools
To develop a set
of benchmark
necessities to
accomplish this
need, primarily
guiding
newcomers and
investigator into
this discipline.
(Hui et al.,
2010)
Software
security testing
based on typical
SSD:A case
study
To evaluate
effective
software
security testing
(SST) model,
that
encompasses
traditional
safety testing
methods.
(Cai et al.,
2015)
A guided
fuzzing
approach for
security testing
of network
protocol
software
To identifies the
security
sensitive
operations of
target
implementation
that influenced
(Parizi et al.,
2018)
Benchmark
Requirements
for Assessing
Software
Security
Vulnerability
Testing Tools
To develop a set
of benchmark
necessities to
accomplish this
need, primarily
guiding
newcomers and
investigator into
this discipline.
(Hui et al.,
2010)
Software
security testing
based on typical
SSD:A case
study
To evaluate
effective
software
security testing
(SST) model,
that
encompasses
traditional
safety testing
methods.
(Cai et al.,
2015)
A guided
fuzzing
approach for
security testing
of network
protocol
software
To identifies the
security
sensitive
operations of
target
implementation
that influenced
by network
packets via
dynamic taint
examination.
(ISO/IEC/IEEE
International
Standard, 2013)
International
Standard -
Software and
systems
engineering --
Software testing
--Part 2
To identify the
purpose of the
ISO/IEC/IEEE
29119 series of
software testing
standards is to
define an
internationally-
agreed set of
standards for
software testing
(Siboni et al.,
2019)
Security Testbed
for Internet-of-
Things Devices
To elaborate that
the testbed is
effective at
detecting
vulnerabilities
and
compromised
IoT devices.
(Sánchez-
Gómez et al.,
2020)
Model-based
Software Design
and Testing in
Blockchain
To identify the
planning process
of a smart
contract system,
packets via
dynamic taint
examination.
(ISO/IEC/IEEE
International
Standard, 2013)
International
Standard -
Software and
systems
engineering --
Software testing
--Part 2
To identify the
purpose of the
ISO/IEC/IEEE
29119 series of
software testing
standards is to
define an
internationally-
agreed set of
standards for
software testing
(Siboni et al.,
2019)
Security Testbed
for Internet-of-
Things Devices
To elaborate that
the testbed is
effective at
detecting
vulnerabilities
and
compromised
IoT devices.
(Sánchez-
Gómez et al.,
2020)
Model-based
Software Design
and Testing in
Blockchain
To identify the
planning process
of a smart
contract system,
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Smart Contracts. which intends to
build smart
contracts for
diverse
blockchain
technology
within that
environment.
(Al-Zahrani,
2020)
Evaluating the
Usable-Security
of Healthcare
Software
Through Unified
Technique of
Fuzzy Logic,
ANP, and
TOPSIS
To analysis of
previous high-
quality research
articles and
other
trustworthy
reliable sources
can be used for
attribute
identification
and choosing for
usable-security
evaluations for
healthcare
management
system apps.
(Ryoo et al., 2016) | The Use of Security Tactics in Open-Source Software Projects | To provide an opportunity for the OSS industry to investigate and consider alternate, less often used security approaches for acceptance.
(Huang et al., 2019) | Smart Contract Security in the context of a Software Lifecycle Perspective | To expose more theoretical and practical elements of smart contract security by focusing on smart contract security from the standpoint of the application lifecycle.
Online algorithm
(J. C. S. Núñez, A. C. Lindo and P. G. Rodríguez, 2020) | A Preventive Secure Software Development Model for a software factory | To understand traditional software development methods that take a proactive strategy, delegating security tasks to the later phases of the programme life cycle.
3 CHAPTER-3 METHODOLOGY
4 CHAPTER-4 EXPERIMENTAL PROCEDURE
5 CHAPTER-5 ANALYSIS AND RESULT
6 CHAPTER-6 DISCUSSION
7 CHAPTER-7 CONCLUSION
8 REFERENCES
Al-Zahrani, F.A., 2020. Evaluating the Usable-Security of Healthcare Software Through Unified
Technique of Fuzzy Logic, ANP and TOPSIS. IEEE Access, 8, pp.109905-16.
Cai, J., Zou, P., Xiong, D. & He, J., 2015. A guided fuzzing approach for security testing of network
protocol software. 6th IEEE International Conference on Software Engineering and Service Science
(ICSESS), pp.726-29.
Dhivvya, J.P., Muralidharan, D., Raj, N. & Kumar, B.K., 2019. Network Simulation and Vulnerability
Assessment Tool for an Enterprise Network. 10th International Conference on Computing,
Communication and Networking Technologies (ICCCNT), pp.45-49.
Hou, X.-Y. et al., 2018. A Dynamic Detection Technique for XSS Vulnerabilities. 4th Annual
International Conference on Network and Information Systems for Computers (ICNISC), pp.167-71.
Huang, Y. et al., 2019. Smart Contract Security: A Software Lifecycle Perspective. IEEE Access,
pp.150184-202.
Hui, Z., Huang, S., Hu, B. & Yao, Y., 2010. Software security testing based on typical SSD: A case
study. 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE), 2,
pp.312-16.
ISO/IEC/IEEE International Standard, 2013. 29119-2-2013 - ISO/IEC/IEEE International Standard -
Software and systems engineering -- Software testing -- Part 2: Test processes. 1, p.68.
7 CHAPTER-7 CONCLUSION
8 REFERENCES
Al-Zahrani, F.A., 2020. Evaluating the Usable-Security of Healthcare Software Through Unified
Technique of Fuzzy Logic, ANP and TOPSIS. IEEE Access, 8, pp.109905-16.
Cai, J., Zou, P., Xiong, D. & He, J., 2015. A guided fuzzing approach for security testing of network
protocol software. 6th IEEE International Conference on Software Engineering and Service Science
(ICSESS), pp.726-29.
Dhivvya, J.P., Muralidharan, D., Raj, N. & Kumar, B.K., 2019. Network Simulation and Vulnerability
Assessment Tool for an Enterprise Network. 10th International Conference on Computing,
Communication and Networking Technologies (ICCCNT), pp.45-49.
Hou, X.-Y. et al., 2018. A Dynamic Detection Technique for XSS Vulnerabilities. 4th Annual
International Conference on Network and Information Systems for Computers (ICNISC), pp.167-71.
Huang, Y. et al., 2019. Smart Contract Security: A Software Lifecycle Perspective. IEEE Access,
pp.150184-202.
Hui, Z., Huang, S., Hu, B. & Yao, Y., 2010. Software security testing based on typical SSD:A case
study. 3rd International Conference on Advanced Computer Theory and Engineering(ICACTE), , 2,
pp.312-16.
ISO/IEC/IEEE International Standard, 2013. 29119-2-2013 - ISO/IEC/IEEE International Standard -
Software and systems engineering --Software testing --Part 2:Test processes. 1, p.68.
Jinan, S., Kefeng, P., Xuefeng, C. & Junfu, Z., 2017. Security Patterns from Intelligent Data: A Map
of Software Vulnerability Analysis. 3rd International Conference on Big Data Security on Cloud
(BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC),
and IEEE International Conference on Intelligent Data and Security (IDS).
Kanashiro, L. et al., 2017. A study on low complexity models to predict flaws in the Linux source
code. 12th Iberian Conference on Information Systems and Technologies (CISTI).
Katole, R.A., Sherekar, S.S. & Thakare, V.M., 2018. Detection of SQL injection attacks by removing
the parameter values of SQL query. 2nd International Conference on Inventive Systems and Control
(ICISC), pp.741-45.
Klyokta, S.A. et al., 2019. Development of Modified Block Cifer Algorithm TEA, Free from
Vulnerability of “Connected Keys Attack”. IEEE East-West Design & Test Symposium (EWDTS),
pp.1237-40.
Li, K., 2010. Towards Security Vulnerability Detection by Source Code Model Checking. Third
International Conference on Software Testing, Verification, and Validation Workshops.
Núñez, J.C.S., Lindo, A.C. & Rodríguez, P.G., 2020. A Preventive Secure Software Development
Model for a Software Factory: A Case Study. IEEE Access, 8, pp.77653-65.
Parizi, R.M. et al., 2018. Benchmark Requirements for Assessing Software Security Vulnerability
Testing Tools. IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC),
2018, pp.825-26.
Penta, M.D., Cerulo, L. & Aversano, L., 2008. The Evolution and Decay of Statically Detected
Source Code Vulnerabilities. Eighth IEEE International Working Conference on Source Code
Analysis and Manipulation.
Ryoo, J., Malone, B., Laplante, P.A. & Anand, P., 2016. The Use of Security Tactics in Open Source
Software Projects. IEEE Transactions on Reliability, 65(3), pp.1195-204.
of Software Vulnerability Analysis. 3rd international conference on big data security on cloud
(bigdatasecurity), ieee international conference on high performance and smart computing (hpsc),
and ieee international conference on intelligent data and security (ids).
Kanashiro, L. et al., 2017. A study on low complexity models to predict flaws in the Linux source
code. 12th Iberian Conference on Information Systems and Technologies (CISTI).
Katole, R.A., Sherekar, S.S. & Thakare, V.M., 2018. Detection of SQL injection attacks by removing
the parameter values of SQL query. 2nd International Conference on Inventive Systems and Control
(ICISC), pp.741-45.
Klyokta, S.A. et al., 2019. Development of Modified Block Cifer Algorithm TEA, Free from
Vulnerability of “Connected Keys Attack”. IEEE East-West Design & Test Symposium (EWDTS),
pp.1237-40.
Li, K., 2010. Towards Security Vulnerability Detection by Source Code Model Checking. Third
International Conference on Software Testing, Verification, and Validation Workshops.
Núñez, J.C.S., Lindo, A.C. & Rodríguez, P.G., 2020. A Preventive Secure Software Development
Model for a Software Factory: A Case Study. IEEE Access, 8, pp.77653-65.
Parizi, R.M. et al., 2018. Benchmark Requirements for Assessing Software Security Vulnerability
Testing Tools. IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC),
2018, pp.825-26.
Penta, M.D., Cerulo, L. & Aversano, L., 2008. The Evolution and Decay of Statically Detected
Source Code Vulnerabilities. Eighth IEEE International Working Conference on Source Code
Analysis and Manipulation.
Ryoo, J., Malone, B., Laplante, P.A. & Anand, P., 2016. The Use of Security Tactics in Open Source
Software Projects. IEEE Transactions on Reliability, 65(3), pp.1195-204.
Sánchez-Gómez, N. et al., 2020. Model-Based Software Design and Testing in Blockchain Smart
Contracts: A Systematic Literature Review. IEEE Access, 8, pp.164556-69.
Siboni, S. et al., 2019. Security Testbed for Internet-of-Things Devices. IEEE Transactions on
Reliability, 68(1), pp.23-44.
Wang, Y., Yao, J. & Yu, X., 2018. Information Security Protection in Software Testing. 14th
International Conference on Computational Intelligence and Security (CIS), pp.449-52.
Yang, Y. et al., 2009. A Model-Based Fuzz Framework to the Security Testing of TCG Software
Stack Implementations. 2009 International Conference on Multimedia Information Networking and
Security, pp.149-52.
Zimmermann, T., Nagappan, N. & Williams, L., 2010. Searching for a Needle in a Haystack:
Predicting Security Vulnerabilities for Windows Vista. Third International Conference on Software
Testing, Verification and Validation.
Contracts: A Systematic Literature Review. IEEE Access, 8, pp.164556-69.
Siboni, S. et al., 2019. Security Testbed for Internet-of-Things Devices. IEEE Transactions on
Reliability, vol. 68, no. 1, pp. 23-44, , pp.23-44.
Wang, Y., Yao, J. & Yu, X., 2018. Information Security Protection in Software Testing. 14th
International Conference on Computational Intelligence and Security (CIS), , pp.449-52.
Yang, Y. et al., 2009. A Model-Based Fuzz Framework to the Security Testing of TCG Software
Stack Implementations. 2009 International Conference on Multimedia Information Networking and
Security, pp.149-52.
Zimmermann, T., Nagappan, N. & Williams, L., 2010. Searching for a Needle in a Haystack:
Predicting Security Vulnerabilities for Windows Vista. Third International Conference on Software
Testing, Verification and Validation.