| 基于SDL的软件安全测试方法研究 |
| |
| 引用本文: | 王志皓,赵保华,赵婷.基于SDL的软件安全测试方法研究[J].电力信息化,2012,10(11):8-11. |
| |
| 作者姓名: | 王志皓 赵保华 赵婷 |
| |
| 作者单位: | 中国电力科学研究院信息安全实验室,北京,100192 |
| |
| 摘 要: | 提出了一种基于软件安全开发生命周期(SDL)的软件安全测试方法,把现有单一的软件安全测试环节变为有计划的安全测试设计、安全编码测试、安全审计测试和上线安全测试的过程,并给出了详细的模块设计和方法分析。与传统方法相比,这种系统化的安全测试思想可以有效地降低软件成型后的测试成本,减少测试后补丁的研发数量,从而进一步提高开发效率。
|
| 关 键 词: | 生命周期 安全测试设计 安全编码测试 安全审计测试 上线安全测试 |
Research on SDL-based Software Security Testing Method |
| |
| WANG Zhi-hao
,
ZHAO Bao-hua
,
ZHAO Ting.Research on SDL-based Software Security Testing Method[J].Electric Power Information Technology,2012,10(11):8-11. |
| |
| Authors: | WANG Zhi-hao ZHAO Bao-hua ZHAO Ting |
| |
| Affiliation: | (Information Security Lab of China Electric Power Reseach Institute, Beijing 100192, China) |
| |
| Abstract: | In order to change single software security testing into a planned process consisting of security testing design, security coding testing, security audit testing and online security testing, this paper proposes a software security testing method based on software development lifecycle (SDL), and describes its modules design and method analysis in detail. Compared with the traditional methods, the systematic test idea used by the method can effectively reduce the huge cost of testing after the software accomplished and the numbers of patches after the test, further improve the development efficiency. |
| |
| Keywords: | lifecycle security testing design security coding testing security audit testing online security testing |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
