Assuring Software Security Through Testing

Abstract

(ISC)2®’s whitepaper, Code (In)Security, highlights various considerations that need to be taken into account to develop code that is secure. But merely developing secure code without attesting to its assurance capabilities is akin to operating an automobile without checking to ensure that the brakes work as expected. With such an outlook, a crash becomes not just possible but inevitable. This paper will discuss the need for attesting software assurance, the different types of testing as it pertains to functionality and assurance, a security tester’s profile, and some proven strategies to incorporate security testing into the software development lifecycle (SDLC).


Similar resources

Strategic guidelines on the development of renewable energy sources

The study highlights the importance of developing the national economy through assuring energy security. The study aims to analyze how to develop renewable energy sources, determine the main priorities of Ukraine’s national security policy and discover novel ways of assuring energy security due to developing the industry of renewable energy in the light of environmental safety, energy conservation...


Security testing of session initiation protocol implementations

The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...


An integrated testing system for IPv6 and DNSSEC

IPv6 protocol, which should replace the actual IPv4 protocol, brings many new possibilities and improvements considering simplicity, routing speed, quality of service, and security. In comparison to IPv4, IPv6 improves mechanisms for assuring a secure and confidential transfer of information. DNS has been extended to provide security services (Domain Name System Security Extensions (DNSSEC)) ma...


A Secure Software Architecture Description Language

Security is becoming a more and more important concern for software architecture and software components. Previous modeling approaches provide insufficient support for an in-depth treatment of security. This paper argues for a more comprehensive treatment of an important security aspect, access control, at the architecture level. Our approach models security subject, resource, privilege, safegua...


Integrating a Flexible Modeling Framework (FMF) with the Network Security Assessment Instrument to Reduce Software Security Risk

The network security assessment instrument is a comprehensive set of tools that can be used individually or collectively to ensure the security of network-aware software applications and systems. Using the various tools collectively provides a distinct advantage for assuring the security of software and systems. Each tool’s resulting output provides feedback into the other tools. Thus, more comp...



Publication date: 2011