Practical Aspects of Vulnerability Detection During Certification Tests of Information Security Software

V. Varenitsa, Jsc Npo Echelon, A. Markov, V. Savchenko, V. Tsirlov, Bauman Moscow State Technical Universit
Journal: Voprosy kiberbezopasnosti
DOI: 10.21681/2311-3456-2021-5-36-44 (https://doi.org/10.21681/2311-3456-2021-5-36-44)

Abstract

Purpose: analysis of various methods and techniques for identifying defects and vulnerabilities during certification tests. Research method: comparative analysis. Result: a conclusion is drawn about the relevance and priority of studying open-source web applications. The study is presented, and the shortcomings of directive methods for identifying vulnerabilities and undeclared capabilities in software products are shown. The authors' statistics on the identified vulnerabilities are given, broken down by class of computer attack, manufacturer of information security tools, programming environment and vulnerability identification method. A comparative analysis of the authors' methods against known directive testing methods is given. The relevance of implementing the concept of secure software development is shown. Recommendations for improving the security of information protection software are given.