Antunes et al., 2013 - Google Patents
Security testing in SOAs: Techniques and toolsAntunes et al., 2013
View PDF- Document ID
- 9786553082078222047
- Author
- Antunes N
- Vieira M
- Publication year
- Publication venue
- Innovative Technologies for Dependable OTS-Based Critical Systems: Challenges and Achievements of the CRITICAL STEP Project
External Links
Snippet
Abstract Web Applications and Services are often deployed with critical software bugs that may be maliciously exploited. The adoption of Service Oriented Architectures (SOAs) in a wide range of organizations, including business-critical systems, opens the door to new …
- 238000000034 method 0 title abstract description 44
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
- G06F11/3612—Software analysis for verifying properties of programs by runtime analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3409—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/362—Software debugging
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Nunes et al. | Benchmarking static analysis tools for web security | |
| Antunes et al. | Comparing the effectiveness of penetration testing and static code analysis on the detection of sql injection vulnerabilities in web services | |
| Curphey et al. | Web application security assessment tools | |
| Almorsy et al. | Automated software architecture security risk analysis using formalized signatures | |
| Geneiatakis et al. | A Permission verification approach for android mobile applications | |
| US9747187B2 (en) | Simulating black box test results using information from white box testing | |
| Antunes et al. | Detecting SQL injection vulnerabilities in web services | |
| Antunes et al. | Penetration testing for web services | |
| Berger et al. | Extracting and analyzing the implemented security architecture of business applications | |
| Tung et al. | An integrated security testing framework for secure software development life cycle | |
| Antunes et al. | Designing vulnerability testing tools for web services: approach, components, and tools | |
| Micskei et al. | Robustness testing techniques and tools | |
| Autili et al. | Software engineering techniques for statically analyzing mobile apps: research trends, characteristics, and potential for industrial adoption | |
| Li et al. | On discovering vulnerabilities in android applications | |
| Amankwah et al. | Bug detection in Java code: An extensive evaluation of static analysis tools using Juliet Test Suites | |
| Kiss et al. | Combining static and dynamic analyses for vulnerability detection: illustration on heartbleed | |
| Casola et al. | A cloud SecDevOps methodology: from design to testing | |
| Bergadano et al. | A modular framework for mobile security analysis | |
| Sultana et al. | A study examining relationships between micro patterns and security vulnerabilities | |
| Pieczul et al. | Runtime detection of zero-day vulnerability exploits in contemporary software systems | |
| Antunes et al. | SOA-Scanner: an integrated tool to detect vulnerabilities in service-based infrastructures | |
| Homaei et al. | Athena: A framework to automatically generate security test oracle via extracting policies from source code and intended software behaviour | |
| Darus et al. | Enhancing Web Application Penetration Testing with a Static Application Security Testing (SAST) Tool | |
| Antunes et al. | Security testing in SOAs: Techniques and tools | |
| Touqir et al. | Systematic exploration of fuzzing in IoT: techniques, vulnerabilities, and open challenges: A. Touqir et al. |