http://dx.doi.org/10.3745/JIPS.2005.1.1.075

The Plan and Tools for Vulnerability Testing in Information Software-Based System  

Kim, In-Jung (Electronics and Telecommunication Research Institute)
Lee, Young-Gyo (Information Security Group, Sungkyunkwan University)
Won, Dong-Ho (Information Security Group, Sungkyunkwan University)
Publication Information
Journal of Information Processing Systems / v.1, no.1, 2005, pp. 75-78
Abstract
Although software has been tested extensively for stability, vulnerability testing of systems that run on a combination of software from various products has not been conducted enough. This has led to increased threats to, and vulnerability of, such systems. In particular, web-based software systems, which are public, are inherently exposed to attacks and are likely to be seriously damaged by an accident. Consequently, comprehensive and systematic test plans and techniques are required. Moreover, it is necessary to establish a procedure for managing and handling the results of vulnerability tests. This paper proposes vulnerability test plans and designs for implementing automated tools, both of which can be applied to web-based software systems.
Keywords
Risk Analysis; Vulnerability; Asset; Threat;