How to Break Software Security: The Science of Software Security Failure
Herbert H. Thompson, Ph.D.
Chief Security Strategist
Security Innovation
A tale of two bugs…
Most testing processes focus on finding traditional “bugs”…
…but there are huge differences in behavior between functional bugs and vulnerabilities…
A Security Fault Model
[Figure: diagram with regions labeled Intended Behavior, Actual Behavior, Traditional Bugs, and Most Security Bugs]
Revelation: Many software development processes marginalize security vulnerabilities
• The goal of functional testing is verification of the specification
• Security bugs usually don’t fit into this model
• Security bugs escape functional testing because unsafe behavior tends to manifest as side-effects
• These side-effects might not violate the specification directly
• Can be masked by the fact that the application also did what it was supposed to
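The point of the bullets above, as an added example that is not part of the original slides: a function that satisfies its specification while leaving a side-effect behind, checked once by a specification-only test and once by a test that compares the actual file-system state with the intended one. The function save_profile, its specification, and the sample secret are hypothetical and constructed for illustration.

```python
import os
import tempfile

SECRET = "s3cr3t-constructed"  # constructed sample credential, not a real one

def save_profile(workdir, name, password):
    """Hypothetical spec: write <name>.profile holding the user name; return its path."""
    # Side-effect outside the spec: a scratch file with the password is never removed.
    with open(os.path.join(workdir, name + ".tmp"), "w") as f:
        f.write(f"{name}:{password}\n")
    out = os.path.join(workdir, name + ".profile")
    with open(out, "w") as f:
        f.write(name + "\n")
    return out

def functional_check(workdir):
    """Verifies only what the specification states (intended behavior)."""
    path = save_profile(workdir, "alice", SECRET)
    with open(path) as f:
        return os.path.basename(path) == "alice.profile" and f.read() == "alice\n"

def side_effect_check(workdir, expected=("alice.profile",)):
    """Compares actual file-system changes with the intended ones; returns findings."""
    before = set(os.listdir(workdir))
    save_profile(workdir, "alice", SECRET)
    findings = []
    for name in sorted(set(os.listdir(workdir)) - before):
        if name not in expected:
            findings.append(("unexpected file", name))
        with open(os.path.join(workdir, name)) as f:
            if SECRET in f.read():
                findings.append(("secret on disk", name))
    return findings

def demo():
    # Separate directories so each check starts from a clean state.
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        return functional_check(a), side_effect_check(b)

if __name__ == "__main__":
    passed, findings = demo()
    print("functional test passed:", passed)
    for kind, name in findings:
        print("side-effect finding:", kind, "->", name)
```

The functional check passes because the application also did what it was supposed to; only the before/after comparison surfaces the leftover file.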