| Since 2000, information technology, which can be representative by computer technology, has been rapidly developed, and has been integrated into each aspect of social life, including military defense, education, health care, banking, insurance and so on. It can be said that people’s daily life has become increasingly dependent on softwares. Once a failure appears in the software or the data leaks, the losses may be difficult to estimate. So the quanlity of software has become increasingly important.Software testing as an important means in software quality assurance has got more and more attention, and has made many research results. In order to improve the efficiency of software security testing and to improve the security of software, a method for software security testing based on typical defects is presented in this paper. A management system for software security defects is designed and implemented. The main contents are as follows:1. A testing framework based on typical software security defects is proposed. The main management techniques for typical software security defects are reviewed, the main software security defect management agency are summarized, the origin of the typical software security flaws is explained. After that, a testing framework based on typical software security defects based is proposed. The framework treat the typical software security defects as the basic, it generates the appropriate safety testing requirements by the merging of the security requirements and typical software security defects, thereby generating software test cases.2. The requirements of the typical software security defects management system is detailed analyzed. The concepts of behavioral models for software security functional testing, threat models for software security defects are proposed. Thus we laid the theoretical foundation for the analysis and implementation of the systems. The overall requirements of the system is give. The system function is divided into four parts: defect management, defects behavioral modeling, defect threat tree modeling and view operations. The specific needs of each part was analyzed.3. The detailed design of the system is given. The design of the system architecture is completed. C/S design model is chosen through the comparison. Based on the MVCdesign pattern, the system is divided into three layers: the presentation layer, business logic layer, and data layer, thus to facilitate coding and maintenance. From the viewpoint of static modeling, the design of the key classes, the elements of the model illustration, and the database design are completed. The E-R model and data structure of the system are also designed.4. The main function of the system is implemented. DELPHI is used in the coding,key technologies in system implementation are studied such as the drawing technique of model elements, dual cache to eliminate the screen flash, and so on. The main coding work of defect management, behavioral modeling, threat tree modeling is completed. |
PDF Full Text Request