Test-as-a-Service: Application to Security Testing

Detalhes bibliográficos
Autor(a) principal: Pereira, Nuno José Matos
Data de Publicação: 2016
Tipo de documento: Dissertação
Idioma: eng
Título da fonte: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Texto Completo: http://hdl.handle.net/10400.6/7753
Resumo: In a world where software gradually plays a key role daily, a failure may bring unpleasant consequences for its users. An example of a serious failure was the case Apple iCloud security exploit in 2014 where several private photos of celebrities have been accessed without permission[icl14a][icl14b]. Apart from economic and commercial implications, these faults lead to loss of trust in software by users, thus leading to the consequent search for an alternative and even result in leaving the old software for a new alternative. To address these shortcomings, the software industry started to use software testing to make sure that the software contains the minimum possible failures before is deployment. Software tests are used to analyse the program, namely to search some bugs. This analysis can be done without program execution (static analysis) or during execution (dynamic analysis). Static analysis tools can be used to check for potential execution of the program that have not been prematurely aborted due to unexpected event at runtime, not ensuring that the program will display the correct result. We studied some static analysis tools, JSFlow, JSPrime and TAJS, which analyse JavaScript code. These tools have been modified so they can be integrated into the Nibiru framework. Nibiru is a modular framework that aims to help in the implementation of software testing. It uses a micro-services architecture, enabling the use of multiple programming languages in his modules and has the ability to enable the implementation of its modules on multiple machines. So far the Nibiru has three operating modules and its ready to start growing with the community, so they can contribute in the construction of new modules or make small adjustments on the existing testing software to integrate the Nibiru framework.
id RCAP_fcbe9c68bfb02ed258008fe330a90d59
oai_identifier_str oai:ubibliorum.ubi.pt:10400.6/7753
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
spelling Test-as-a-Service: Application to Security TestingAutomatização de TestesJsflowJsprimeNibiruQcheckerTajsTestes de SegurançaTestes de SoftwareDomínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e InformáticaIn a world where software gradually plays a key role daily, a failure may bring unpleasant consequences for its users. An example of a serious failure was the case Apple iCloud security exploit in 2014 where several private photos of celebrities have been accessed without permission[icl14a][icl14b]. Apart from economic and commercial implications, these faults lead to loss of trust in software by users, thus leading to the consequent search for an alternative and even result in leaving the old software for a new alternative. To address these shortcomings, the software industry started to use software testing to make sure that the software contains the minimum possible failures before is deployment. Software tests are used to analyse the program, namely to search some bugs. This analysis can be done without program execution (static analysis) or during execution (dynamic analysis). Static analysis tools can be used to check for potential execution of the program that have not been prematurely aborted due to unexpected event at runtime, not ensuring that the program will display the correct result. We studied some static analysis tools, JSFlow, JSPrime and TAJS, which analyse JavaScript code. These tools have been modified so they can be integrated into the Nibiru framework. Nibiru is a modular framework that aims to help in the implementation of software testing. It uses a micro-services architecture, enabling the use of multiple programming languages in his modules and has the ability to enable the implementation of its modules on multiple machines. So far the Nibiru has three operating modules and its ready to start growing with the community, so they can contribute in the construction of new modules or make small adjustments on the existing testing software to integrate the Nibiru framework.Num mundo onde cada vez mais o software tem um papel fundamental nas atividades do dia-a-dia, uma falha pode trazer consequências desagradáveis para os seus utilizadores. Como exemplo de uma falha grave, temos o caso Apple iCloud security exploit em 2014 [icl14a][icl14b], onde várias fotos de celebridades foram acedidas sem permissão. Para além de repercussões económicas e comerciais estas falhas levam à perca de confiança no software por parte dos utilizadores, levando assim à consequente procura de alternativas ao mesmo, podendo até resultar no abandono do software antigo. Para colmatar estas falhas, hoje em dia a indústria cada vez aposta mais nos testes de software para certificar-se que o software contém o mínimo de falhas possíveis antes de sair para o mercado. Os testes de software servem para analisar o programa, nomeadamente na obtenção de bugs. Esta análise pode ser feita sem execução do programa (análise estática) ou durante a sua execução (análise dinâmica). As ferramentas de análise estática são utilizadas para verificar se existem potenciais execuções do programa que possam falhar durante a sua execução devido a eventos inesperados, isto faz com que o programa apresente um resultado incorreto ou até mesmo bloqueie. Foram estudadas algumas ferramentas de análise estática, JSFlow, JSPrime e TAJS, que analisam código JavaScript. Estas ferramentas foram modificadas para serem integradas na framework Nibiru. O Nibiru é uma framework modular que tem como intuito ajudar na execução de testes de software. Esta utiliza uma arquitetura de micro-serviços, possibilitando o uso de múltiplas linguagens de programação nos seus módulos e tem a capacidade de possibilitar a execução dos seus módulos em várias máquinas. Até ao momento o Nibiru conta com três módulos operacionais, encontrando-se pronto para crescer com a comunidade informática, podendo esta contribuir na construção de novos módulos.Sousa, Simão Patricio Melo deFernandes, João PaulouBibliorumPereira, Nuno José Matos2019-12-12T16:12:26Z2016-10-72016-12-062016-12-06T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10400.6/7753TID:202330605enginfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2024-01-31T02:31:47Zoai:ubibliorum.ubi.pt:10400.6/7753Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-20T00:48:12.346855Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse
dc.title.none.fl_str_mv Test-as-a-Service: Application to Security Testing
title Test-as-a-Service: Application to Security Testing
spellingShingle Test-as-a-Service: Application to Security Testing
Pereira, Nuno José Matos
Automatização de Testes
Jsflow
Jsprime
Nibiru
Qchecker
Tajs
Testes de Segurança
Testes de Software
Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática
title_short Test-as-a-Service: Application to Security Testing
title_full Test-as-a-Service: Application to Security Testing
title_fullStr Test-as-a-Service: Application to Security Testing
title_full_unstemmed Test-as-a-Service: Application to Security Testing
title_sort Test-as-a-Service: Application to Security Testing
author Pereira, Nuno José Matos
author_facet Pereira, Nuno José Matos
author_role author
dc.contributor.none.fl_str_mv Sousa, Simão Patricio Melo de
Fernandes, João Paulo
uBibliorum
dc.contributor.author.fl_str_mv Pereira, Nuno José Matos
dc.subject.por.fl_str_mv Automatização de Testes
Jsflow
Jsprime
Nibiru
Qchecker
Tajs
Testes de Segurança
Testes de Software
Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática
topic Automatização de Testes
Jsflow
Jsprime
Nibiru
Qchecker
Tajs
Testes de Segurança
Testes de Software
Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática
description In a world where software gradually plays a key role daily, a failure may bring unpleasant consequences for its users. An example of a serious failure was the case Apple iCloud security exploit in 2014 where several private photos of celebrities have been accessed without permission[icl14a][icl14b]. Apart from economic and commercial implications, these faults lead to loss of trust in software by users, thus leading to the consequent search for an alternative and even result in leaving the old software for a new alternative. To address these shortcomings, the software industry started to use software testing to make sure that the software contains the minimum possible failures before is deployment. Software tests are used to analyse the program, namely to search some bugs. This analysis can be done without program execution (static analysis) or during execution (dynamic analysis). Static analysis tools can be used to check for potential execution of the program that have not been prematurely aborted due to unexpected event at runtime, not ensuring that the program will display the correct result. We studied some static analysis tools, JSFlow, JSPrime and TAJS, which analyse JavaScript code. These tools have been modified so they can be integrated into the Nibiru framework. Nibiru is a modular framework that aims to help in the implementation of software testing. It uses a micro-services architecture, enabling the use of multiple programming languages in his modules and has the ability to enable the implementation of its modules on multiple machines. So far the Nibiru has three operating modules and its ready to start growing with the community, so they can contribute in the construction of new modules or make small adjustments on the existing testing software to integrate the Nibiru framework.
publishDate 2016
dc.date.none.fl_str_mv 2016-10-7
2016-12-06
2016-12-06T00:00:00Z
2019-12-12T16:12:26Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10400.6/7753
TID:202330605
url http://hdl.handle.net/10400.6/7753
identifier_str_mv TID:202330605
dc.language.iso.fl_str_mv eng
language eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
repository.mail.fl_str_mv
_version_ 1799136376658067456