Security and Reliability are two qualitative concepts of the
software that have grown into two different domains of research and analysis.
We may consider a software to be reliable when is has been ensured security. We
can say that software is reliable only when it is secure. Security testing
checks the software vulnerability to external attacks. The main security
concepts covered by security testing are confidentiality, integrity,
authentication, authorization and non-repudiation.
Let us view some instances when software failures led to fierce
consequences.
·
An incoming missile was
identified as ‘friendly’ by a radar system. This led to the sinking of The
British destroyer, Sheffield.
·
A small unnoticeable error
eventually led to a loss of 28 lives when during Gulf War, a precision error of
missing 0.000000095 second, in every one-tenth of a second, over 100 hours, led
to the failure of the Patriot missile intercept the Scud missile.
·
Heartbleed, a bug affected web
servers making user passwords vulnerable to theft.
·
Target announced a breach of
its point of sale terminals.
A once perfectly working software may also show errors if the
supporting environment changes. With processors and software pervading our
world, reliability and security of software has now become a matter of life and
death. Such statistics and considerations have focused our attention on the
importance of software security testing for ensuring reliable interaction.
The Approach :
Software and software systems are deployed in almost every technical
system in most of the domains like science, commerce and communication
industries. These implementations can become reliable only when tested secure.
As the innate qualities of any software is its security. It is its ability to deal with the vulnerabilities
of the system against external forces.
Software reliability is the ability of the software for a failure free
operation in a specified period of time in a specified system, considering that
all the other components of the system are fault free. Reliability of the
software keeps changing with time along with bug detection and fixes, making
software security testing a continuous process.
The cyber world has now become more and more vulnerable to attacks. Security testing must be
carried out throughout the lifecycle of the project. Software developers work
out distinct set of improvements for the software – one that increases
reliability and the other that establishes security. For software reliability, the bugs that
hinder the error-free functioning of the system are fixed. This requires to be
done both in the designing and the testing phase. Reliability of a system can
be tested by releasing the beta version of the software.
For ensuring security, the developers look for flaws at the
operating system level which may lead to possible breaches. These may be
related to heap overflow, buffer over flow, bad code etc. The main Security
testing issues are detection of intrusion, authorization, authentication, data
integrity and confidentiality, patches, viruses and firewalls. Security Testing
needs to be embedded into every phase of System Development Life Cycle from
software requirements to its release.
Conclusion:
A risk based approach must be used to enable the software security
completely. By creating tests based on risks, those areas of code can be easily
identified where an attack can succeed. This assures a higher level of security
which makes the software more reliable. Implementing continuous Software
Security testing can only ensure reliable
software with changing trends of technology..
