A Software Security Testing Method Based On Typical Defects

摘要：

According to CERT/CC, ten defects known are responsible for 75％ of security breaches in today software applications. Those defects are named as typical security defects. Based on that, a security testing method is given. In the method, a modeling technique with threat tree is described. Finally, a threat tree traversal algorithm (Tri-T algorithm) based on depth-first-search is designed and is used in an example to generate the test sequence.

关键词： software security testing typical defects threat tree

作者: Huang Song Wang Liang Zheng Changyou YU Hong

作者单位: PLA University of Science and Technology(PLAUST) PLA Software Test and Evaluation Center for Militar Institute of Command and Automation PLA University of Science and Technology Nanjing, China

会议类型: 国际会议

会议名称: The 2010 International Conference on Computer Application and System Modeling(2010计算机应用与系统建模国际会议 ICCASM 2010)

会议地点: 太原

会议语种:英文

页码: 150-153

在线出版日期: 2010-10-22（万方平台首次上网日期，不代表论文的发表时间）

会议专题

A Software Security Testing Method Based On Typical Defects