• Title/Summary/Keyword: Security Testing

Search Result 382, Processing Time 0.028 seconds

The Software Quality Testing on the basis of the International Standard ISO/IEC 25023 (국제표준 ISO/IEC 25023 을 기반으로 한 소프트웨어 품질평가)

  • Jung, Hye-Jung
    • Journal of the Korea Convergence Society
    • /
    • v.7 no.6
    • /
    • pp.35-41
    • /
    • 2016
  • As software is very important, modern men are interesting software quality testing. In this paper, we analyze the Internation standard and Test data, so, we propose the testing method by analysing testing data. We compare ISO/IEC 9126-2 testing model with ISO/IEC 25023 testing model. On the basis of ISO/IEC 25023, we classify the test data and we analyze the difference of International Standard to functionality, reliability, usability, efficiency, maintainability, portability, compatability, and security. By reality 331 testing data, we classify test data, and analyze difference according to sex. We find regression model by functionality, usability and testing date and we prove difference of testing date and the number of error by tester. Also, we prove difference of the number of error in software type.

The Importance of Ethical Hacking Tools and Techniques in Software Development Life Cycle

  • Syed Zain ul Hassan;Saleem Zubair Ahmad
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.6
    • /
    • pp.169-175
    • /
    • 2023
  • Ethical hackers are using different tools and techniques to encounter malicious cyber-attacks generated by bad hackers. During the software development process, development teams typically bypass or ignore the security parameters of the software. Whereas, with the advent of online web-based software, security is an essential part of the software development process for implementing secure software. Security features cannot be added as additional at the end of the software deployment process, but they need to be paid attention throughout the SDLC. In that view, this paper presents a new, Ethical Hacking - Software Development Life Cycle (EH-SDLC) introducing ethical hacking processes and phases to be followed during the SDLC. Adopting these techniques in SDLC ensures that consumers find the end-product safe, secure and stable. Having a team of penetration testers as part of the SDLC process will help you avoid incurring unnecessary costs that come up after the data breach. This research work aims to discuss different operating systems and tools in order to facilitate the secure execution of the penetration tests during SDLC. Thus, it helps to improve the confidentiality, integrity, and availability of the software products.

Developing a Framework for the Implementation of Evidence Collection System: Focusing on the Evaluation of Information Security Management in South Korea

  • Choi, Myeonggil;Kang, Sungmin;Park, Eunju
    • Journal of Information Technology Applications and Management
    • /
    • v.26 no.5
    • /
    • pp.13-25
    • /
    • 2019
  • Recently, as evaluation of information security (IS) management become more diverse and complicated, the contents and procedure of the evidence to prepare for actual assessment are rapidly increasing. As a result, the actual assessment is a burden for both evaluation agencies and institutions receiving assessments. However, most of them reflect the evaluation system used by foreign government agencies, standard organizations, and commercial companies. It is necessary to consider the evaluation system suitable for the domestic environment instead of reflecting the overseas evaluation system as it is. The purpose of this study is as follows. First, we will present the problems of the existing information security assessment system and the improvement direction of the information security assessment system through analysis of existing information security assessment system. Second, it analyzes the technical guidance for information security testing and assessment and the evaluation of information security management in the Special Publication 800-115 'Technical Guide to Information Security Testing and Assessment' of the National Institute of Standards and Technology (NIST). Third, we will build a framework to implement the evidence collection system and present a system implementation method for the '6. Information System Security' of 'information security management actual condition evaluation index'. The implications of the framework development through this study are as follows. It can be expected that the security status of the enterprises will be improved by constructing the evidence collection system that can collect the collected evidence from the existing situation assessment. In addition, it is possible to systematically assess the actual status of information security through the establishment of the evidence collection system and to improve the efficiency of the evaluation. Therefore, the management system for evaluating the actual situation can reduce the work burden and improve the efficiency of evaluation.

A Study on the Evaluation Method for Penetration Test Method and Procedures (모의 침투 테스트 방법 및 절차의 평가 방법에 관한 연구)

  • Kang, Yong-Suk;Choe, Guk-Hyeon;Shin, Yong-Tae;Kim, Jong-Hee;Kim, Jong-Bae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2014.05a
    • /
    • pp.230-233
    • /
    • 2014
  • Latest Inforamtion security threats and risks change very rapidly, and there to strengthen the security level of the major companies and organizations are diversified attack to respond to a penetration test conducted. Penetration test(PenTest) is safer for the purpose of looking for vulnerabilities in computer systems by taking advantage of vulnerabilities discovered in the same way as a hacker attack. How to make a security vulnerability could be exploited by attempting to attack show. On the other hand, many security companies are testing in a variety of ways to be penetrated. However, penetration testing to evaluate the strength and reliability has not performed yet. Therefore, in this study, Penetration testing to validate and present a reliable method of evaluation. In this study, penetration testing, assessment information to provide the evaluation results are more reliable. And, as a result, efficient penetration test is expected to be possible.

  • PDF

Study and Scheme Presentation for Generator testing Rules (발전 설비 시험에 대한 규정 검토 및 방안 제시)

  • Choi, H.K.;Kim, D.J.;Moon, Y.H.
    • Proceedings of the KIEE Conference
    • /
    • 2005.11b
    • /
    • pp.362-364
    • /
    • 2005
  • In abroad, thousands of generator testing were accomplished because of importance about generator stability parameters. But it was introduced TWBP and processing in Korea. In addition to, related rules of generator testing had been weaken. Without guidelines, practical uses are much limited. So, it studied compliance life cycle about generator facility parameters for stability analysis. This paper presents security scheme and working rules using generator testing and disturbance recordings, considering domestic circumstance.

  • PDF

Improving Security in Ciphertext-Policy Attribute-Based Encryption with Hidden Access Policy and Testing

  • Yin, Hongjian;Zhang, Leyou;Cui, Yilei
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.5
    • /
    • pp.2768-2780
    • /
    • 2019
  • Ciphertext-policy attribute-based encryption (CP-ABE) is one of the practical technologies to share data over cloud since it can protect data confidentiality and support fine-grained access control on the encrypted data. However, most of the previous schemes only focus on data confidentiality without considering data receiver privacy preserving. Recently, Li et al.(in TIIS, 10(7), 2016.7) proposed a CP-ABE with hidden access policy and testing, where they declare their scheme achieves privacy preserving for the encryptor and decryptor, and also has high decryption efficiency. Unfortunately, in this paper, we show that their scheme fails to achieve hidden access policy at first. It means that any adversary can obtain access policy information by a simple decisional Diffie-Hellman test (DDH-test) attack. Then we give a method to overcome this shortcoming. Security and performance analyses show that the proposed scheme not only achieves the privacy protection for users, but also has higher efficiency than the original one.

A New Methodology for Software Reliability based on Statistical Modeling

  • Avinash S;Y.Srinivas;P.Annan naidu
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.9
    • /
    • pp.157-161
    • /
    • 2023
  • Reliability is one of the computable quality features of the software. To assess the reliability the software reliability growth models(SRGMS) are used at different test times based on statistical learning models. In all situations, Tradational time-based SRGMS may not be enough, and such models cannot recognize errors in small and medium sized applications.Numerous traditional reliability measures are used to test software errors during application development and testing. In the software testing and maintenance phase, however, new errors are taken into consideration in real time in order to decide the reliability estimate. In this article, we suggest using the Weibull model as a computational approach to eradicate the problem of software reliability modeling. In the suggested model, a new distribution model is suggested to improve the reliability estimation method. We compute the model developed and stabilize its efficiency with other popular software reliability growth models from the research publication. Our assessment results show that the proposed Model is worthier to S-shaped Yamada, Generalized Poisson, NHPP.

A Study on Introducing Security Certification for Control Systems (제어시스템 보안인증 도입 방안 연구)

  • Choi, Hoyeol;Kim, Daeyeong;Shin, Hyungjune;Hahn, Changhee;Hur, Junbeom
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.3
    • /
    • pp.725-734
    • /
    • 2016
  • SCADA(Supervisory Control and Data Acquisition) system is widely used for remote monitoring and control throughout the domestic industry. Due to a recent breach of security on SCADA systems, such as Stuxnet, the need of correctly established secure certification of a control system is growing. Currently, EDSA-CRT (Embedded Device Security Assurance-Communication Robustness Test), which tests the ability to provide core services properly in a normal/abnormal network protocol, is only focused on the testing of IP-based protocols such as IP, ARP, TCP, etc. Thus, in this paper, we propose test requirements for DNP3 protocol based on EDSA-CRT. Our analysis show that the specific test cases provide plentiful evidences that DNP3 should follow based on its functional requirements. As a result, we propose 33 specific test case for DNP3 protocol.

Development Testing/Evaluating Methods about Security Functions based on Digital Printer (디지털 프린터의 보안기능 시험/평가방법론 개발)

  • Cho, Young-Jun;Lee, Kwang-Woo;Cho, Sung-Kyu;Park, Hyun-Sang;Lee, Hyoung-Seob;Lee, Hyun-Seung;Kim, Song-Yi;Cha, Wook-Jae;Jeon, Woong-Ryul;Won, Dong-Ho;Kim, Seung-Joo
    • The KIPS Transactions:PartC
    • /
    • v.16C no.4
    • /
    • pp.461-476
    • /
    • 2009
  • Digital Printers that are mainly used in enterprises and public institutions are compound machinery and tools which are combined into various functions such as printing, copying, scanning, and fax so on. Digital Printers has security functionality for protecting the important data related with confidential industry technology from leaking. According to the trends, CC(Common Criteria) evaluation and assurance about digital printer is on progress in Japan and USA. Domestically CC evaluation and assurance is started recently. However, the know-how about the digital printer evaluation is not enough and the developers and the evaluators have difficulty in CC evaluation of digital printer products in the country. Therefore, the testing method of digital printer security functionality and evaluation technology is essentially needed for increasing demand for the evaluation afterwards. In this study, we analyze the security functionality and developing trends of digital printer products from internal and external major digital printer companies. Moreover, we research the characters of each security functions and propose guideline for digital printer security functionality evaluation and vulnerability testing methods.

A study on Communication Robustness Testing for Industrial Control Devices (산업용 제어기기의 통신 견고성 시험 방안 연구)

  • Park, Kyungmi;Shin, Donghoon;Kim, WooNyon;Kim, SinKyu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.5
    • /
    • pp.1099-1116
    • /
    • 2019
  • Industrial control systems(ICS) are widely used in various industrial area and critical infrastructure. To mitigate security threats on ICS, the security assurance test for industrial control devices has been introduced and operating. The test includes testing of the security function of the device itself and testing of communication robustness. In this paper, we describe the security requirements of EDSA, Achilles, and Korea's TTA standard(security requirements for ICS). And also, we analyzed the characteristics of communication robustness test(CRT) of each certification. CRT verifies the device's operation of essential function while transmitting fuzzing and stress packets. Existing test methods are mostly focused on the embedded devices and are difficult to apply to various devices. We propose a method to test communication robustness which reflect the characteristics of control H/W, control S/W, field devices and network devices in ICS. In the future, we will apply the proposed communication robustness test to actual products and present solutions for arising issues.