Software security vulnerability testing in hostile environments
Proceedings of the 2002 ACM symposium on Applied computing
Queue - Distributed Development
Does Trusted Computing Remedy Computer Security Problems?
IEEE Security and Privacy
Secure Software Development by Example
IEEE Security and Privacy
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Selective Regression Test for Access Control System Employing RBAC
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Using implied scenarios in security testing
Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
An integrated application of security testing methodologies to e-voting systems
ePart'10 Proceedings of the 2nd IFIP WG 8.5 international conference on Electronic participation
Security mutation testing of the FileZilla FTP server
Proceedings of the 2011 ACM Symposium on Applied Computing
Practical elimination of external interaction vulnerabilities in web applications
Journal of Web Engineering
Message confidentiality testing of security protocols: passive monitoring and active checking
TestCom'06 Proceedings of the 18th IFIP TC6/WG6.1 international conference on Testing of Communicating Systems
Software testing is a discipline that has become pretty good at verifying requirements. Languages such as the Unified Modeling Language have made the process of moving from a specification (what the application should do) to test cases (verification that the application operates as specified) much easier. However, several types of bugs routinely escape testing. Many of these flaws are not specification violations in the traditional sense, meaning that the application might behave correctly according to requirements, but it might perform some additional, unspecified task in the process. Bugs like these would necessarily escape most automated testing because testers craft test cases to look for the presence of some correct behavior and not the absence of additional behavior. The subtle nature of most security bugs is examined, along with why testing for them can be difficult.