
Research On Source Code Security Test Model Based On Result Feedback

Posted on: 2019-11-06 | Degree: Master | Type: Thesis
Country: China | Candidate: J X Wu | Full Text: PDF
GTID: 2428330572952649 | Subject: Systems analysis and integration
Abstract/Summary:
Source code is the "raw material" of software. Security testing of source code guards one of the most critical lines of defence in software security: only when the security vulnerabilities in the source code are eliminated as early as possible can the security risks be controlled, and only then can the resulting software products be more secure. Software source code security testing is one of the important ways to improve software security and ensure software quality, and it receives wide attention and high regard from academia and industry. More and more open-source projects and commercial source code security testing tools are available, and a variety of detection methods and techniques have been proposed from different perspectives. However, because of factors such as the design of the detection engine, the construction of the vulnerability rule base and the characteristics of the programming language, existing source code security testing tools differ in detection capability and in how they express vulnerabilities, and their output differs in false positives and false negatives. A large amount of personnel time is spent manually checking and confirming test results. For comprehensiveness, several testing tools are often applied to the same software source code, and this has become common practice for improving software quality. The results produced by different tools on the same source code sample must then be manually verified and integrated, which involves a huge manual workload and simple, repetitive work. At present there are no software tools to assist with this task, and it is an urgent problem to solve in order to improve software quality and testing efficiency.

Based on the common high-risk vulnerabilities of software source code and an evaluation of the capabilities of common detection tools, this paper introduces a unified description method for source code vulnerabilities and a weighted iterative algorithm, and establishes a source code security testing model based on a result feedback mechanism, exploring ways to improve security and testing efficiency. The main research work of this thesis:

1) The common high-risk vulnerabilities of software source code are studied in detail in terms of their formation principles, forms of expression and hazards, and common source code security testing tools are compared in many aspects, such as key technologies, detection capabilities, defect descriptions and result presentation.
2) Existing methods for classifying and describing software source code vulnerabilities are investigated, and a unified defect description method is introduced and suitably transformed to solve the problem of inconsistent expression of results across multiple testing tools.
3) The AdaBoost iterative algorithm is introduced, a result feedback and weighted analysis mechanism is added, and a source code security testing model based on result feedback is built.
4) The source code of open-source software is selected as test samples for source code security testing, and the test results are used as a training sample set to train the model and enhance its detection capability.
5) Finally, the effectiveness and advantages of the proposed scheme are verified by experiments, and the direction of application development of the model is discussed.

The possible innovations of this paper are: reconstructing and forming a unified description method for defects; constructing a type of source code security testing model based on a detection-result feedback mechanism; and exploring ways to reduce labour and improve efficiency in software security testing. This kind of integrated model, based on a result feedback mechanism for fusing the outputs of multiple systems, has a certain generality.
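The following is an added illustration of the three mechanisms the abstract combines (a unified defect description, an AdaBoost-style weighted vote over several tools, and feedback from manual confirmation that reweights the tools); it is example code written for this page, not the thesis's own model or data. The tool names tool_a/tool_b/tool_c, the file paths, the label-to-CWE mapping and the confirmation labels are all constructed, and the specific weight formula (alpha = 0.5 * ln((1 - err) / err), the standard AdaBoost weak-learner weight) is an assumption about how the thesis's "weighted iterative algorithm" might be realised.

```python
import math
from collections import defaultdict

# Constructed sample findings from three hypothetical SAST tools (tool_a/tool_b/tool_c
# and the file paths are assumptions for this example, not tools or data from the thesis).
# Each tool reports the same kind of defect under its own label.
RAW_FINDINGS = [
    ("tool_a", "app/db.py", 42, "SQLi"),
    ("tool_b", "app/db.py", 42, "sql-injection"),
    ("tool_c", "app/db.py", 42, "CWE-89"),
    ("tool_a", "app/views.py", 17, "XSS"),
    ("tool_c", "app/views.py", 17, "CWE-79"),
    ("tool_b", "app/util.py", 88, "hardcoded-secret"),
    ("tool_a", "app/util.py", 120, "cmd-injection"),
    ("tool_b", "app/util.py", 120, "os-command-injection"),
    ("tool_a", "app/io.py", 5, "path-traversal"),
    ("tool_c", "app/io.py", 5, "CWE-22"),
]

# Unified description: every tool-specific label is mapped onto one vocabulary
# (CWE ids are used here as the common form; the mapping itself is constructed).
LABEL_MAP = {
    "SQLi": "CWE-89", "sql-injection": "CWE-89", "CWE-89": "CWE-89",
    "XSS": "CWE-79", "CWE-79": "CWE-79",
    "hardcoded-secret": "CWE-798",
    "cmd-injection": "CWE-78", "os-command-injection": "CWE-78",
    "path-traversal": "CWE-22", "CWE-22": "CWE-22",
}

# Constructed manual-confirmation feedback: True = real vulnerability, False = false positive.
CONFIRMED = {
    ("app/db.py", 42, "CWE-89"): True,
    ("app/views.py", 17, "CWE-79"): True,
    ("app/util.py", 88, "CWE-798"): False,
    ("app/util.py", 120, "CWE-78"): True,
    ("app/io.py", 5, "CWE-22"): False,
}

TOOLS = ("tool_a", "tool_b", "tool_c")


def unify(findings):
    """Merge raw findings into {(file, line, unified_type): {tools that reported it}}."""
    merged = defaultdict(set)
    for tool, path, line, label in findings:
        merged[(path, line, LABEL_MAP[label])].add(tool)
    return dict(merged)


def tool_weights(merged, confirmed, tools, eps=1e-6):
    """AdaBoost-style weight per tool.

    Each tool is treated as a weak classifier over the confirmed findings: it
    predicts 'vulnerable' for a finding iff it reported it.  Its error rate err
    over the feedback set gives alpha = 0.5 * ln((1 - err) / err): a tool that
    is right more often than not gets a positive weight, a coin-flip tool gets
    0, and err is clipped to (eps, 1 - eps) so a perfect tool is not infinite.
    """
    weights = {}
    for tool in tools:
        wrong = sum(
            1 for key, is_real in confirmed.items()
            if (tool in merged.get(key, set())) != is_real
        )
        err = min(max(wrong / len(confirmed), eps), 1 - eps)
        weights[tool] = 0.5 * math.log((1 - err) / err)
    return weights


def fused_scores(merged, weights):
    """Weighted vote per finding: sum of alpha_t * h_t, with h_t = +1 if the
    tool reported it and -1 otherwise.  A positive score means 'likely real'."""
    return {
        key: sum(w if t in reporters else -w for t, w in weights.items())
        for key, reporters in merged.items()
    }


def triage(findings, confirmed, tools):
    """One feedback round: unify, reweight tools from feedback, rank findings."""
    merged = unify(findings)
    weights = tool_weights(merged, confirmed, tools)
    scores = fused_scores(merged, weights)
    ranked = sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
    return weights, ranked


if __name__ == "__main__":
    weights, ranked = triage(RAW_FINDINGS, CONFIRMED, TOOLS)
    for tool, w in weights.items():
        print(f"{tool}: alpha = {w:.3f}")
    for (path, line, cwe), score in ranked:
        print(f"{score:+.3f}  {path}:{line}  {cwe}")
```

With the constructed feedback, tool_a (one error out of five) receives weight 0.5 * ln(4) and the other two (two errors each) receive 0.5 * ln(1.5), so the finding reported by all three tools ranks first and the one reported only by tool_b ranks last with a negative score. The confirmed false positive in app/io.py still scores positive because the strongest tool reported it; that is the expected behaviour of a single round, and it is exactly what the next feedback round, with an enlarged confirmation set, is meant to correct.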
Keywords/Search Tags: Source Code, Vulnerability, Security Testing, False negatives, False positives