
Security Assessment On Open Source Software Zabbix

Posted on: 2016-08-14
Degree: Master
Type: Thesis
Country: China
Candidate: Y X Wu
Full Text: PDF
GTID: 2308330464964457
Subject: Computer technology
Abstract/Summary:
Open source software is now used in many fields because of its open source code, extensibility, and low cost. However, owing to insufficient attention, imperfect detection mechanisms, and other reasons, software flaws such as Heartbleed and Shellshock have been exposed and have shocked the world. From the perspective of open source software security testing, this thesis studies Zabbix, a widely used open source monitoring software.

First, in view of the vulnerabilities exploited in recent years, this thesis analyzes and reflects on their causes. It then introduces software security, summarizes software security testing methods, and lists common testing tools. In particular, security testing of B/S (browser/server) architecture software is analyzed and summarized, which lays the foundation for the work that follows.

Second, this thesis uses the theory of software maturity assessment to build a security assessment model for open source software. The internal indicators in the model cover code quality, user security, stability, data storage, and backend security. The external indicators cover support and community activity. Together they are divided step by step into seven primary indicators and seventeen secondary indicators. Software security is divided into five grades through calculation, and the model provides the grading standards and sets appropriate weights. Based on the model, this thesis then discusses the testing process in detail, points out testing priorities, and introduces the testing tools. The model provides a basis for developing software.

Finally, the security assessment model proposed in this thesis is applied to Zabbix. The thesis first uses Sonar to inspect the code. It then tests the API and boundaries using unit testing, and uses automated testing to check user security and other indicators. Combined with support and community activity, it computes the scores. The analysis shows that user security, stability, data storage, and logs perform well, but that there are still problems in the code. The model not only provides a reference for software testing but also assists in selecting and applying Zabbix.
Keywords/Search Tags: open source software, software security, maturity model, software testing, Zabbix, Sonar