| With the rapid development of the software technology, software security testing has developed. Genetic efficient test data for testing has an important scientific and academic value. Moreover, it is significance to our security testing. However, software security testing has still on the stage of research and development so far. Many technical problems such as how to enhance efficiency and accuracy have not been solved completely. This paper devotes to the research of the generation of the test data for software security and the optimization of the test data.Firstly, this paper introduces the software security testing technology. It is mainly about the research status and the basic concepts and methods of the software security testing. In general, introduce the existing method of security testing methods and the using of Fault Injection and Fuzzing.Secondly, this paper proposes the application method of Fault Injection (FI) used in security testing data generation. Introduce its generation, basic conception and feature. Expatiate the general process of Fault Injection and analyze the method of Fault Injection are the main technologies. And propose the method of using Fuzzing to genetic the test data. We analyze the academic support of test data generation using Fault Injection based on Fuzzing and the problems which we need is to solve.Lastly, this paper investigates an approach to effective automatic security test data generation using Fuzzing. Introducing the general process for security test data optimized based on Genetic Algorithm (GA), discussing the design method of fitness function are main questions also. The improvements in optimizing the test data using GA include the coding of chromosomes, specifically designed genetic operators and the design of fitness function. The conversion time to the target security requirement is reduced by the method of controlling variance position. The efficiency of searching security test data is enhanced by improving adaptive GA. A tool model is designed to automatically optimize security test data according to the security requirements. The feasibility and effectiveness of the proposed algorithm is demonstrated with the security testing on Web application. |
PDF Full Text Request