UDC

004.415.532.3

Authors

Bederdinova Oksana Ivanovna
Institute of Shipbuilding and Arctic Marine Engineering, Severodvinsk Branch of Northern (Arctic)
Federal University named after M.V. Lomonosov (Arkhangelsk, Russia)
е-mail: O.Bederdinova@narfu.ru
Ivanova Lyudmila Aleksandrovna
ITDefensor LLC (Moscow, Russia)
е-mail: ivanova_la2000@bk.ru

Abstract

Having analyzed the process of white-box software testing, we developed a functional model using IDEF0 notation, which includes three stages: preparation to testing, software testing, and making report documentation of the results. We studied and analyzed the effect of specialized software on the test results at software code validation. Further, we suggested ways of improving the white-box method for static testing exemplified by Сppcheck static code analysis tool. This can be achieved by creating extensions to detect hazardous functions and test the return value of functions; identify use of insecure random number generators unable to resist cryptographic attacks, double deallocation of the same memory block and use of code with transferability problems, as well as use of memory after its deallocation, which leads to software instability in operation.

Keywords

software testing, white-box testing, static analysis, dynamic analysis

References

1. Category: OWASP Top 10 Project. Available at: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_ Project#tab=OWASP_Top_10_for_2010 (accessed 19 May 2014).
2. CWE Version 2.3. Ed. by Christey S.M., Kenderdine J.E., Mazella J.M. Project lead: Martin R.A. 2012. Available at: https://cwe.mitre.org/data/published/cwe_v2.3.pdf (accessed 19 May 2014).
3. 2011 CWE/SANS Top 25 Most Dangerous Software Errors. 2011. Available at: http://cwe.mitre.org/top25/ (accessed 19 May 2014).
4. Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors. Fortify Software. Available at: http://www. hpenterprisesecurity.com/vulncat/en/docs/Fortify_TaxonomyofSoftwareSecurityErrors.pdf (accessed 19 May 2014).