Abstract
In information security testing, test cases play a crucial role in the objectivity and validity of test results, and building an information security test case library is one of the key difficulties in carrying out such testing and automating it. At present, no applicable information security test case library can effectively support information security testing activities. The ontology-based information security test case library model classifies the domain knowledge of information security test cases on the basis of a formal description of those test cases, and constructs a shared, reusable and extensible information security test case ontology model. Using the constructed ontology model, knowledge acquisition is performed for SQL injection test cases in Web application security testing, which verifies the correctness and effectiveness of the model.
Authors
Liu Yinglong (刘迎龙); Guo Ronghua (郭荣华); Wu Di (吴迪); Miao Quanqiang (苗泉强)
Unit No. 63891, Luoyang, Henan 471003
Source
Journal of Information Security Research (《信息安全研究》)
CSCD
2023, Issue 10, pp. 1008-1014 (7 pages)
Keywords
information security testing
test case
ontology
test case model
security test knowledge