The need for functional security testing

被引:0
|
作者
Axelrod, C. Warren [1 ]
机构
[1] Delta Risk, P.O. Box 234030, Great Neck, NY 11023, United States
来源
CrossTalk | 2011年 / 24卷 / 02期
关键词
Software testing;
D O I
暂无
中图分类号
学科分类号
摘要
Despite extensive testing of application functionality and security, we see many instances of software, when attacked or during normal operation, performing adversely in ways that were not anticipated. In large part, this is due to software assurance staff not testing fully for negative functionality, that is, ensuring that applications do not do what they are not supposed to. There are many reasons for this, including the relative enormity of the task, the pressure to implement quickly, and the lack of qualified testers. In this article, we will examine these issues and suggest ways in which we can achieve some measure of assurance that applications will not behave inappropriately under a broad range of conditions.
引用
收藏
页码:17 / 21
相关论文
共 50 条
  • [1] Testing security policies: going beyond functional testing
    Le Traon, Yves
    Mouelhi, Tejeddine
    Baudry, Benoit
    ISSRE 2007: 18TH IEEE INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING, PROCEEDINGS, 2007, : 93 - +
  • [2] Money Buys Financial Security and Psychological Need Satisfaction: Testing Need Theory in Affluence
    Howell, Ryan T.
    Kurai, Mark
    Tam, Leona
    SOCIAL INDICATORS RESEARCH, 2013, 110 (01) : 17 - 29
  • [3] Money Buys Financial Security and Psychological Need Satisfaction: Testing Need Theory in Affluence
    Ryan T. Howell
    Mark Kurai
    Leona Tam
    Social Indicators Research, 2013, 110 : 17 - 29
  • [4] A Security Assurance Framework Combining Formal Verification and Security Functional Testing
    Wang, Weiguang
    Zeng, Qingkai
    Mathur, Aditya P.
    2012 12TH INTERNATIONAL CONFERENCE ON QUALITY SOFTWARE (QSIC), 2012, : 136 - 139
  • [5] Report: Functional Security Testing Closing the Software - Security Testing Gap: A Case from a Telecom Provider
    Zuccato, Albin
    Kogler, Clemens
    ENGINEERING SECURE SOFTWARE AND SYSTEMS, PROCEEDINGS, 2009, 5429 : 185 - 194
  • [6] The simulated security assessment ecosystem: Does penetration testing need standardisation?
    Knowles, William
    Baron, Alistair
    McGarr, Tim
    COMPUTERS & SECURITY, 2016, 62 : 296 - 316
  • [7] Transforming and Selecting Functional Test Cases for Security Policy Testing
    Mouelhi, Tejeddine
    Le Traon, Yves
    Baudry, Benoit
    SECOND INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION, AND VALIDATION, PROCEEDINGS, 2009, : 171 - +
  • [8] Study on getting non-functional security property from functional testing results
    Cao, Hui
    Zhang, Huan-Guo
    Yan, Fei
    International Journal of Digital Content Technology and its Applications, 2012, 6 (17) : 126 - 134
  • [9] MSMAM:Testing Resources Allocation,Obtaining Non-Functional Indexes Based on Functional Testing Results,and Evaluating Security
    CAO Hui1
    2.Key Laboratory of Aerospace Information Security and Trust Computing
    WuhanUniversityJournalofNaturalSciences, 2012, 17 (06) : 504 - 510
  • [10] Change,the Need for Security
    穆瑛
    信息安全与通信保密, 2009, (03) : 1 - 1
12345