BEHAVIOR-DRIVEN DEVELOPMENT FOR DOMAIN-SPECIFIC LANGUAGE-BASED SECURITY TESTING
Main Author: | |
---|---|
Format: | Final Project |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/56568 |
Institution: | Institut Teknologi Bandung |
Summary: | Business Logic Error (BLE) is a class of security weakness identified by CWE-840.
BLE is a security weakness that happens at the level of business logic. This type
of weakness is hard to test because it cannot be tested without a clear definition
of the business logic, which includes knowledge about the states of the program.
This knowledge could be utilized in the testing description for programs that use
the Behavior-Driven Development (BDD) testing framework. BDD is a framework
that is used for testing. With BDD, the testing is described by the business steps.
These steps become the knowledge that could be used for BLE testing, but currently
the available mainstream BDD tools still have many shortcomings for security
testing.
This final project is focused on developing a tool that could utilize the knowledge
that the Quality Assurance has in the form of BDD testing scenarios, by adding
features that could ease the use of BDD in security testing, especially BLE. The
added features are the ability to represent failure, representation of variances, and
scenario shuffling.
The validation results show that the failure and variance representation could be
used well to ease security testing and test case refactoring, but still have drawbacks when used with certain other feature combinations |
---|