Security testing technology based on the provisions of the simulation models scaling theory
DOI:
https://doi.org/10.18372/2225-5036.24.13045Keywords:
security testing, scaling, simulation model, software development, security vulnerabilitiesAbstract
The simulation model of web- application security testing technologies is improved in the work. The basis of the development is the basic provisions of the theory of scaling imitation models in the framework of algorithmic simplification based on the evaluation of transitive dependence on management and data. A distinctive feature of the developed simulation model is the adaptation of the choice of input control-flow statements and data to an increase in the requirements for the speed of development and implementation of the model, which resulted in the implementation of the procedure for interacting with a real browser using browser automation tools and generating attack data in several dialects. In order to reduce the time spent on simulation modeling, it was decided to conduct scaling by replacing the information exchange procedures with the server using an HTTP client with the procedures of interacting with a real browser using browser automation tools. In addition to the main purpose of scaling, this replacement will increase the reliability of the result of testing the attack with the injection of JavaScript code. In this case, the Selenium Webdriver library was chosen as a mean of browser automation. One of the difficulties of testing vulnerability to SQL injections is a large number of SQL dialects depending on the database management system used. This fact forces the generation of data for an attack in several dialects to maximize coverage of attack vectors. On the one hand, this increases the amount of input data of the simulation model, increases the complexity of the project and negatively affects the overall time characteristics of implementation and testing of the vulnerability. On the other hand, using the proposed scaling approach, the complexity of the project can be significantly reduced without degrading the qualitative characteristics. The proposed approach of algorithmic simplification of simulation modeling is based on advanced procedures for estimating transitive control and data dependencies. The admissibility and expediency of using the estimation of the transitive dependency has been determined, which will reduce the computational complexity of the implemented algorithms in comparison with the algorithms for estimating the direct dependency up to 1,5 times.References
Ranganath V., Amtoft T., Banerjee A., Dwyer M., Hatcliff J. A new foundation for con-troldependence and slicing for modern program structures. Technical report 8. Santos lab. Kansas State University. 2004. Р. 428–434.
Савенков К. О. Использование зависимостей при масштабировании имитационных моделей. Методы и средства обработки информации: труды 2 Всероссийской научной конф. Москва: МГУ им. М.В. Ломоносова. Москва, 2005. С. 28-37
Семенов С.Г., Швачич Г.Г., Карпова Т.П., Волнянський В.В. Застосування багатопроцесор-них систем для удосконалення технологічних процесів. Системи обробки інформації. 2016. №3(140). С.221-226.
Коваленко А.В., Смирнов А.А., Якименко Н.Н., Доренский А.П. Проблемы анализа и оценки рисков информационной деятельности. Системи обробки інформації. 2016. № 3(140). С. 40-42.
Коваленко А., Смирнов А., Якименко Н., Доренский А.П. Метод качественного анализа рисков разработки программного обеспечения. Наука і техніка Повітряних Сил Збройних Сил України. 2016. № 2(23). С. 150-158.
Коваленко А.В. Метод управления рисками разработки программного обеспечения. Системи управління, навігації та зв’язку. 2016. №2 (38). С. 93-100.
Maven – Introduction: URL: https://mav en.apache.org/what-is-maven.html.
Maven – POM Reference: URL: https://mav en.apache.org/pom.html.
Fowler M. Inversion of Control Containers and the Dependency Injection pattern: URL: https://martinfowler.com/articles/injection.html.
Spring Framework. URL: http://proje cts.spring.io/spring-framework/.