Testing security: studies tools
DOI:
https://doi.org/10.21501/21454086.1957
Keywords:
Testing security, Software quality, tools, security attacks
Abstract
Today, due to the development and advancement of technology, software products are part of our daily lives. These products support almost all our tasks. These tasks can be critical or non-performance, and range from piloting a plane with an autopilot to enabling the operation of ticket dispensers or ATMs. Because of the criticality of the processes in which they are involved, these products must have two fundamental characteristics: first, having achieved a level of quality and, second, being safe products.
Software security is a non-functional attribute that directly affects product quality. Testing non-functional requirements to verify their performance, as is done with functional requirements, is a tedious task. As an alternative, tools that automatically or semi-automatically perform tests of different types of systems have been developed. The aim of this paper is to identify existing software tools related to testing safety. To achieve this objective, a study of the state-of-the-art tools used for security testing from 2010 to date is carried out.
License
In accordance with national and international copyrights, as well as publishing policies of "Fundación Universitaria Luis Amigó" and its Journal "Lámpsakos" (indexed with ISSN: 2145-4086), I (we) hereby manifest:
1. The desire to participate as writers and submit to the rules established by the magazine publishers.
2. The commitment not to withdraw the manuscript until the journal finishes the editing process of the ongoing issue.
3. That the article is original and unpublished and has not been nominated or submitted together in another magazine; therefore, the rights of the article in evaluation have not been assigned in advance and they do not weigh any lien or limitation for use.
4. The absence of conflict of interest with commercial institution or association of any kind.
5. The incorporation of the quotes and references from other authors, tending to avoid plagiarism. Accordingly, the author affirms that the paper being published does not violate copyright, intellectual property or privacy rights of third parties. Moreover, if necessary there is a way of demonstrating the respective permits original copyright to the aspects or elements taken from other documents such as texts of more than 500 words, tables, graphs, among others. In the event of any claim or action by a third party regarding copyright on the article, the author(s) will assume full responsibility and come out in defense of the rights herein assigned. Therefore, for all purposes, the Journal "Lámpsakos" of the "Fundación Universitaria Luis Amigó" acts as a third party in good faith.
6. In the event of the publication of the article, the authors assign, free of charge and on an exclusive basis, the integrity of the economic rights and the right to print, reprint and reproduction in any form and medium, without any limitation as to territory is concerned, in favor of the Journal "Lámpsakos" of the "Fundación Universitaria Luis Amigó".