wildjnr.blogg.se

Filezilla pro impact

Security has become a priority for software development, and many security testing techniques have been developed over the years. Benchmarks based on real-world systems, however, are in great demand for evaluating the vulnerability detection capability of these techniques. To develop such a benchmark, this paper presents an approach to security mutation analysis, with FileZilla Server, a popular FTP server implementation, as a case study. In the existing mutation testing research, mutants are created through syntactic changes. Such syntactic changes may not result in meaningful security vulnerabilities in security-intensive software.

Our approach creates security mutants by considering the causes and consequences of vulnerabilities. The causes of vulnerabilities include design-level defects (e.g., incorrect policy enforcement) and implementation-level defects (e.g., programming errors such as buffer overflows and unsafe function calls). The consequences of vulnerabilities refer to various potential attacks, such as spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege (STRIDE). Using this approach, we have created 30 distinct mutants for FileZilla Server. They have been applied to the evaluation of two security testing methods that use attack trees and attack nets as threat models for test generation. The results show that, while these testing methods can kill most of the mutants, they have an important limitation: they cannot detect the vulnerabilities that are not captured by the threat models.









