The Plan and Tools for Vulnerability Testing in Information Software-Based System

  • Kim, In-Jung (Electronics and Telecommunications Research Institute) ;
  • Lee, Young-Gyo (Information Security Group, Sungkyunkwan University) ;
  • Won, Dong-Ho (Information Security Group, Sungkyunkwan University)
  • Published : 2005.12.01

Abstract

Although software products are extensively tested for stability, vulnerability testing of systems assembled from the software of several vendors has received far less attention, and the threats to and vulnerabilities of such systems have grown accordingly. Web-based software systems in particular are publicly reachable, so they are inherently exposed to attack and a single incident can cause serious damage. Comprehensive and systematic test plans and techniques are therefore required, together with a procedure for managing and handling the results of vulnerability tests. This paper proposes vulnerability test plans, and designs for implementing automated testing tools, both of which can be applied to web-based software systems.
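The abstract describes three pieces that a web vulnerability testing tool needs: a test plan (what to probe and what counts as a failure), an automated runner that applies the plan to a target, and a procedure for recording and summarizing the results. The block below is an added example written for this page; it is not the paper's tool and does not reproduce its design. The target application (`sample_app`, `hardened_app`), the test identifiers (`WEB-01` to `WEB-03`), the probe string and the severity scale are all constructed for illustration.

```python
"""Added example (not the paper's tool): a minimal automated vulnerability test
harness for a web application, with structured result handling.

The "target" is an in-process function standing in for an HTTP application so
the example runs offline; a real tool would send HTTP requests instead.
"""
import html
import json
from dataclasses import dataclass, asdict
from typing import Callable, Dict, List, Tuple

# A response is (status code, headers, body), mirroring an HTTP reply.
Response = Tuple[int, Dict[str, str], str]
App = Callable[[str, str, Dict[str, str]], Response]

# --- Constructed sample target: two deliberate weaknesses, no security headers.
def sample_app(method: str, path: str, params: Dict[str, str]) -> Response:
    if path == "/search":
        q = params.get("q", "")                      # reflected without encoding
        return 200, {"Content-Type": "text/html"}, f"<h1>Results for {q}</h1>"
    if path == "/item":
        try:
            item_id = int(params.get("id", "1"))
        except ValueError as exc:                     # internal details leak to client
            return 500, {"Content-Type": "text/html"}, f"Traceback (most recent call last): ValueError: {exc}"
        return 200, {"Content-Type": "text/html"}, f"<p>item {item_id}</p>"
    return 404, {"Content-Type": "text/html"}, "not found"

# --- Constructed hardened variant of the same target (the "after" state).
SECURE_HEADERS = {
    "Content-Type": "text/html",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "default-src 'self'",
}

def hardened_app(method: str, path: str, params: Dict[str, str]) -> Response:
    if path == "/search":
        q = html.escape(params.get("q", ""), quote=True)   # HTML-encode reflected input
        return 200, dict(SECURE_HEADERS), f"<h1>Results for {q}</h1>"
    if path == "/item":
        try:
            item_id = int(params.get("id", "1"))
        except ValueError:                                 # generic client error, no internals
            return 400, dict(SECURE_HEADERS), "<p>invalid item id</p>"
        return 200, dict(SECURE_HEADERS), f"<p>item {item_id}</p>"
    return 404, dict(SECURE_HEADERS), "not found"

# --- Test plan: each case names the probe and the predicate that marks a failure.
@dataclass
class TestCase:
    test_id: str          # hypothetical identifier scheme
    description: str
    severity: str         # "high" | "medium" | "low" (illustrative scale)
    path: str
    params: Dict[str, str]
    detect: Callable[[Response], bool]

XSS_MARKER = "<zz'\"tst>"  # constructed probe: unique, contains every HTML-sensitive char

TEST_PLAN: List[TestCase] = [
    TestCase("WEB-01", "Reflected input returned without HTML encoding", "high",
             "/search", {"q": XSS_MARKER},
             lambda r: XSS_MARKER in r[2]),
    TestCase("WEB-02", "Internal error details exposed to the client", "medium",
             "/item", {"id": "x"},
             lambda r: r[0] >= 500 and "Traceback" in r[2]),
    TestCase("WEB-03", "No framing protection header on responses", "low",
             "/", {},
             lambda r: "X-Frame-Options" not in r[1]
                       and "Content-Security-Policy" not in r[1]),
]

# --- Result handling: findings are structured records, not free text.
@dataclass
class Finding:
    test_id: str
    path: str
    severity: str
    evidence: str         # first bytes of the offending response, for triage

def run_plan(app: App, plan: List[TestCase]) -> List[Finding]:
    """Apply every test case to the target and collect the ones that fail."""
    findings: List[Finding] = []
    for tc in plan:
        resp = app("GET", tc.path, tc.params)
        if tc.detect(resp):
            findings.append(Finding(tc.test_id, tc.path, tc.severity, resp[2][:80]))
    return findings

def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so a release decision can be made at a glance."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts

def report_json(findings: List[Finding]) -> str:
    """Machine-readable report for the result-management procedure (tracking, re-test)."""
    return json.dumps([asdict(f) for f in findings], indent=2)

if __name__ == "__main__":
    before = run_plan(sample_app, TEST_PLAN)
    print(report_json(before), summarize(before))
    print("after hardening:", summarize(run_plan(hardened_app, TEST_PLAN)))
```

Running the same plan against the hardened variant yields no findings, which is the re-test step of a result-handling procedure: a finding is closed only when the test that produced it passes on the fixed build.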
