Security testing technology based on the provisions of the simulation models scaling theory
DOI: https://doi.org/10.18372/2225-5036.24.13045
Keywords: security testing, scaling, simulation model, software development, security vulnerabilities
Abstract
The simulation model of web application security testing technologies is improved in this work. The development rests on the basic provisions of the theory of scaling simulation models within the framework of algorithmic simplification based on the evaluation of transitive control and data dependencies. A distinctive feature of the developed simulation model is that the choice of input control-flow statements and data is adapted to the increased requirements for the speed of developing and implementing the model; this resulted in implementing the procedure for interacting with a real browser through browser automation tools and generating attack data in several dialects. To reduce the time spent on simulation modeling, scaling was performed by replacing the procedures for exchanging information with the server through an HTTP client with procedures for interacting with a real browser through browser automation tools. Beyond the main purpose of scaling, this replacement increases the reliability of the result when testing an attack that injects JavaScript code. The Selenium WebDriver library was chosen as the means of browser automation. One difficulty in testing for SQL injection vulnerabilities is the large number of SQL dialects, which depends on the database management system used. This forces the generation of attack data in several dialects to maximize coverage of attack vectors. On the one hand, this increases the amount of input data for the simulation model, increases the complexity of the project and negatively affects the overall time characteristics of implementing and testing for the vulnerability. On the other hand, with the proposed scaling approach the complexity of the project can be significantly reduced without degrading its qualitative characteristics.
The proposed approach of algorithmic simplification of simulation modeling is based on advanced procedures for estimating transitive control and data dependencies. The admissibility and expediency of using the estimation of the transitive dependency has been determined, which will reduce the computational complexity of the implemented algorithms in comparison with the algorithms for estimating the direct dependency up to 1,5 times.
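The abstract describes scaling the model by keeping only the statements on which the observed test outcome transitively depends, through control or data dependence. The following is an added illustration (not code from the paper): it takes a constructed dependency graph of a small browser-driven test harness and computes the backward slice from a chosen criterion statement, so that everything outside the slice can be dropped from the scaled model. The statement ids, the graph and the `transitive_deps` helper are assumptions made for this example.

```python
"""Backward slice over control/data dependencies: which statements of a
test-harness model must survive scaling. Illustrative example, not the
paper's code; the graph below is constructed, not taken from the paper."""
from collections import deque

# Constructed dependency graph of a tiny browser-driven test harness.
# Each statement id maps to the statement ids it depends on, tagged
# "ctrl" (control dependence) or "data" (data dependence).
DEPS = {
    "s1": {},                            # read target URL from config
    "s2": {},                            # load the list of test inputs
    "s3": {"s1": "data"},                # open a real browser on the URL
    "s4": {"s2": "data", "s3": "ctrl"},  # submit one test input in a form
    "s5": {"s4": "data"},                # read back the rendered DOM
    "s6": {"s5": "ctrl"},                # if input reached a script context: record finding
    "s7": {},                            # collect timing statistics (independent)
    "s8": {"s7": "data"},                # print the statistics
}

def direct_deps(graph, node, kinds=("ctrl", "data")):
    """Statements that `node` depends on directly, via the given kinds."""
    return {d for d, k in graph.get(node, {}).items() if k in kinds}

def transitive_deps(graph, criterion, kinds=("ctrl", "data")):
    """Transitive closure of dependencies reachable backwards from
    `criterion`. Statements outside this closure cannot influence what
    `criterion` observes, so the scaled model may omit them."""
    seen, queue = set(), deque([criterion])
    while queue:
        n = queue.popleft()
        for d in direct_deps(graph, n, kinds):
            if d not in seen:
                seen.add(d)
                queue.append(d)
    return seen

def scaled_model(graph, criterion):
    """Statements kept after scaling: the criterion plus its backward slice."""
    return sorted({criterion} | transitive_deps(graph, criterion))

def dropped(graph, criterion):
    """Statements the scaled model no longer needs to simulate."""
    return sorted(set(graph) - set(scaled_model(graph, criterion)))

if __name__ == "__main__":
    print("keep:", scaled_model(DEPS, "s6"))  # ['s1', 's2', 's3', 's4', 's5', 's6']
    print("drop:", dropped(DEPS, "s6"))       # ['s7', 's8']
```

Restricting `kinds` to only control or only data dependence shows how much of the slice each kind contributes, which is the trade-off the abstract's complexity claim is about.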
License
The scientific journal "Ukrainian Scientific Journal of Information Security" adheres to the principles of open science and provides free and permanent access to all published materials. The goal of this policy is to increase the visibility, citation and impact of the results of scientific research in the field of information security. The journal works according to the principles of Open Access and does not charge a fee for access to published articles.
All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.
Copyright
Authors who publish their works in the journal “Ukrainian Scientific Journal of Information Security”:
- retain the copyright to their publications;
- grant the journal the right of first publication of the article;
- agree to the distribution of their materials under the CC BY 4.0 license;
- have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.