Application Security and Software Testing Report - Semester 1, 2024

Added on 2022/11/28
AI Summary
This report examines application security and software testing, focusing on the use of Commercial-Off-The-Shelf (COTS) software and the Common Criteria. It identifies and explains the pros and cons associated with COTS software, including enhanced IT capabilities and cost-effectiveness versus security vulnerabilities and difficulties in authentication. The report also details the Common Criteria framework, outlining its advantages such as international recognition and improved security evaluation, as well as its drawbacks, like generic requirements and high assessment costs. Furthermore, it explores alternative commercial options for information technology security evaluation, reflecting on the evolving landscape of security standards and assessment methodologies. The report concludes by emphasizing the importance of understanding these aspects to ensure robust application security practices.
Running head: APPLICATION SECURITY AND SOFTWARE TESTING
Application Security and System Testing
Name of the student:
Name of the university:
Author note:
Table of Contents
1. Identify and explain the pros and cons to security and resiliency that arise when using commercial-off-the-shelf (COTS) software
Pros of the COTS Software
Cons of the COTS Software
2. Explain the pros and cons of the Common Criteria and why there are alternative commercial options for information technology security evaluation
Pros of Common Criteria
Cons of Common Criteria
References
1. Identify and explain the pros and cons to security and resiliency that arise when using commercial-off-the-shelf (COTS) software.
COTS software, or commercial off-the-shelf software, describes software or hardware products that are available ready-made and are offered for sale to the general public (Ulkuniemi, Araujo & Tähtinen, 2015). The advantages and disadvantages for security and resiliency that arise when consuming commercial off-the-shelf software are described as follows:
Pros of the COTS Software:
Applying COTS software within an organization can enhance the organization's IT capabilities. Government and other agencies recommend the use of COTS because it is much cheaper in terms of purchase, development and maintenance. There are several reasons why COTS software is used within business organizations. COTS software helps in meeting IT requirements while reducing total cost. With COTS, the expenses required to maintain the system can be reduced without cutting the necessary features.
Cons of the COTS Software:
One of the major drawbacks of COTS software lies in its security and resiliency. Security failures in COTS software can be as severe as those rooted in custom code. Because of the ubiquity and opacity of COTS software, it carries many disadvantages (Petersen et al., 2017). In most organizations, COTS accounts for the bulk of the legacy environment, which is sometimes overshadowed by the COTS element and thus becomes unbalanced. Some of the disadvantages of COTS software include:
1. COTS software presents an attractive point of attack: a successful attack damages the attacked party while giving the attacker access to valuable information.
2. Because COTS products are widely available, information about COTS packages is likely to be shared within the black hat community.
3. It is very hard to verify the security of COTS products. Black-box testing of COTS products is difficult because they are often very large systems operating in a complex context (Desai & Srivastava, 2016).
4. COTS software vendors accept very limited liability. Because COTS software is large, fragile and complex, and its operating environment changes gradually, it is a target-rich environment for malicious attacks.
5. COTS software code lacks the features needed to determine where and how the code is being used, and attackers take advantage of this gap in the security infrastructure to carry out malicious actions.
2. Explain the pros and cons of the Common Criteria and why there are alternative commercial options for information technology security evaluation.
Common Criteria is defined as a framework in which the users of a computer system can specify their security functional and assurance requirements in a Security Target, which may be drawn from different Protection Profiles (Barabanov & Markov, 2015). The advantages and disadvantages of Common Criteria are as follows:
Pros of Common Criteria:
1. It is recognized by 26 nations under a single certification.
2. It helps in evaluating the availability of IT products while assessing and enhancing their security.
3. It improves the efficiency and cost-effectiveness of the certification and evaluation process.
4. Common Criteria allows vendors to focus their resources on a common set of requirements so as to improve the overall security of their products.
Cons of Common Criteria:
1. Common Criteria is very generic, as it does not provide a list of security requirements for products.
2. Although Common Criteria ensures the security attributes of products, it fails to guarantee security.
3. The Common Criteria assessment process is costly, running to thousands of US dollars.
4. The Common Criteria evaluation process focuses mainly on assessing documents rather than on the actual security of the product (Schmitt & Diebold, 2016).
5. Preparing the evaluation evidence requires a lot of effort.
6. Common Criteria as a whole has little impact on industry input.
As Common Criteria has not been adopted universally by all nations, the UK has produced a number of alternative schemes that address timescales, cost and mutual recognition within the operation of the market. The alternatives adopted in this respect include:
1. The CESG System Evaluation and Fast Track Approach schemes, which assure government systems rather than general services and products.
2. The CESG Claims Tested Mark, which aims to handle the assurance requirements for products and services in a cost- and time-efficient manner.
References:
Barabanov, A., & Markov, A. (2015, September). Modern trends in the regulatory framework of the information security compliance assessment in Russia based on common criteria. In SIN (pp. 30-33).
Desai, S., & Srivastava, A. (2016). Software testing: A practical approach. PHI Learning Pvt. Ltd.
Petersen, K., Badampudi, D., Shah, S. M. A., Wnuk, K., Gorschek, T., Papatheocharous, E., ... & Cicchetti, A. (2017). Choosing component origins for software intensive systems: In-house, COTS, OSS or outsourcing? A case survey. IEEE Transactions on Software Engineering, 44(3), 237-261.
Schmitt, A., & Diebold, P. (2016, November). Why do we do software process improvement? In International Conference on Product-Focused Software Process Improvement (pp. 360-367). Springer, Cham.
Ulkuniemi, P., Araujo, L., & Tähtinen, J. (2015). Purchasing as market-shaping: The case of component-based software engineering. Industrial Marketing Management, 44, 54-62.