摘要
在一个软件还未形成之前,测试工作已经介入,在这之前安全性问题是要考虑的重要元素之一。安全性测试在实物软件开发之前应该提前规划并开始实施。为了通过软件测试找出安全隐患,本文针对软件隐含的安全漏洞进行深入研究,将软件的安全漏洞测试工作分为安全性测试规划、伴随测试、整合测试3个阶段,概念性和动作性2个区域。模糊测试在测试中效率较高,适合安全漏洞测试,结合实践测试,提出基于模糊测试的软件安全性测试架构,在软件从无到有的整个过程中找出潜在的安全性问题,进而可以有效提升软件系统的安全性。
Before the software has not yet formed,the testing has been involved in,prior to this security problem is one of the important elements to consider.Security testing should be planned ahead before the physical software development.In order to identify security risks through software testing,software security vulnerabilities test is divided into security testing plan,along with testing,integration testing in three phases,conceptual and action of two regions.Fuzz is testing more efficient in testing,based on fuzzy test which is suitable for testing for security vulnerabilities and combined with practical test proposes software security testing frame-work so as to identify potential security issues in the whole software process and effectively enhance the security of the software systems.
出处
《煤炭技术》
CAS
北大核心
2010年第8期154-156,共3页
Coal Technology
关键词
模糊测试
软件安全
测试框架
fuzz testing
software security
testing frame-work
