Fuzz Test Case Generation for Penetration Testing in Mobile Cloud Computing Applications

Al‐Ahmad, Ahmad Salah; Kahtan, Hasan

doi:10.1007/978-3-030-00979-3_27

Cited by 5 publications

(6 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, penetration testing can be used to test the system against certain types of attacks, such as denial of service attacks [46], SQL injection attacks [47], and crosssite scripting attacks [48]. Where the tester starts by analyzing the computer system under test, generating a set of test cases, selecting the important test cases, executing those test cases, and reporting the results [29,[49][50][51][52].…”

Section: -1-penetration Testingmentioning

confidence: 99%

Overview on Case Study Penetration Testing Models Evaluation

2023

View full text Add to dashboard Cite

Model evaluation is a cornerstone of scientific research as it represents the findings' accuracy and model performance. A case study is commonly used in evaluating software engineering models. Due to criticism in terms of generalization from a single case study and testers, deciding on the number of case studies used for evaluation and the number of testers has been one of the researchers’ challenges. Multiple case studies with multiple testers can be difficult in some domains, such as penetration testing, due to the complexity and time needed to prepare test cases. This study aims to review the literature and examine the evaluation methods used pertaining to the number of case studies and testers involved. This study is beneficial for researchers, students, and penetration testers as it provides case study design steps that are useful to determine the appropriate number of test cases and testers required. The paper's findings and novelty highlight that a single case study with a single tester is enough to evaluate a model. It also strikes a balance between what is enough for the evaluation and the need to reduce criticisms of a single case study by using two case studies with a single tester. Doi: 10.28991/ESJ-2023-07-03-025 Full Text: PDF

show abstract

Section: -1-penetration Testingmentioning

confidence: 99%

Overview on Case Study Penetration Testing Models Evaluation

2023

View full text Add to dashboard Cite

show abstract

“…Each test case for a MCC application needs to be generated and executed with respect to the device state to cover all possible process flows [6]- [8]. Therefore, the number of generated test cases is substantially increased [9].…”

Section: Applications Use Cloudmentioning

confidence: 99%

“…In general, penetration testing examines systems using multiple attacks and attempts to find and exploit vulnerabilities using appropriate malicious input values that help to discover security bugs in implementation [31], [32]. The majority of penetration testing models included the phases of planning, analysis, test case generation, test case selection, test case execution, and reporting [33].…”

Section: Applications Use Cloudmentioning

confidence: 99%

Systematic Literature Review on Penetration Testing for Mobile Cloud Computing Applications

et al. 2019

Self Cite

View full text Add to dashboard Cite

Mobile cloud computing (MCC) enables mobile devices to exploit seamless cloud services via offloading, and has numerous advantages and increased security and complexity. Penetration testing of mobile applications has become more complex and expensive due to several parameters, such as the platform, device heterogeneity, context event types, and offloading. Numerous studies have been published in the MCC domain, whereas few studies have addressed the common issues and challenges of MCC testing. However, current studies do not address MCC and penetration testing. Therefore, revisiting MCC and penetration testing domains is essential to overcoming the inherent complexity and reducing costs. Motivated by the importance of revisiting these domains, this paper pursues two objectives: to provide a comprehensive systematic literature review (SLR) of the MCC, security and penetration testing domains and to establish the requirements for penetration testing of MCC applications. This paper has systematically reviewed previous penetration testing models and techniques based on the requirements in Kitchenham's SLR guidelines. The SLR outcome has indicated the following deficiencies: the offloading parameter is disregarded; studies that address mobile, cloud, and web vulnerabilities are lacking; and a MCC application penetration testing model has not been addressed by current studies. In particular, offloading and mobile state management are two new and vital requirements that have not been addressed to reveal hidden security vulnerabilities, facilitate mutual trust, and enable developers to build more secure MCC applications. Beneficial review results that can contribute to future research are presented.INDEX TERMS Mobile cloud computing, penetration testing, offloading, mobile testing, cloud testing.

show abstract

“…A component may also fail to meet an application's requirements due to differences in requirements and cycles [13][14][15]. First, changes at the application level (e.g.…”

mentioning

confidence: 99%

“…First, changes at the application level (e.g. modifying a few components or updating new versions) can cause system failure [16][17][18][19]. Second, reusing defective components may erode software system trust.…”

mentioning

confidence: 99%

A model for developing dependable systems using a component‐based software development approach (MDDS‐CBSD)

et al. 2022

View full text Add to dashboard Cite

Component-based software development (CBSD) is an emerging technology that integrates existing software components to swiftly develop and deploy big and complex software systems with little engineering effort, money, and time. CBSD, on the other hand, has difficulties with security trust, particularly dependability. When a system provides the desired outcomes while causing no harm to the environment, it is said to be dependable. Dependability encompasses several attributes, including availability, confidentiality, integrity, reliability, safety, and maintainability. Developing dependable component software is achieved by embedding dependability attributes in CBSD. Thus, the CBSD model must address the dependability attributes. Hence, the objectives of this work are: (1) to propose a model for developing a dependable system using componentbased software development approach (hereafter the model is referred to as MDDS-CBSD), which aims to mitigate software component vulnerabilities, and (2) to assess the proposed model. The best-practice method was used to frame the CBSD architecture phases and processes, as well as embed the six dependability attributes. The MDDS-CBSD architecture was evaluated using expert opinion. The MDDS-CBSD was also used to develop an information and communications technology (ICT) portal using an empirical study method. Vulnerability Assessment Tools were used to assess the developed ICT portal's dependability. The MDDS-CBSD may be used to create web application systems and to protect them from attacks. Model developers may use CBSD to describe and assess dependability attributes at any point during the model development process. The reliability of this model can also let companies utilise CBSD with confidence. K E Y W O R D Scomponent-based software development, dependability attributes, software architecture, software development management, software engineering, software security development | INTRODUCTIONCBSD is an emerging technology that builds systems by combining existing software components. CBSD focusses on composing software systems rather than programming software. Assuming that certain parts of a large software system recur frequently, common parts must be written once and reused many times rather than written repeatedly [1,2]. At the same time, CBSD has a number of advantages, from increasing programmer productivity to reducing software development costs [3]. Software reuse can help meet demands for faster delivery, lower software production and maintenance costs, and better quality. Thus, CBSD's main goal is to reduce overall software development costs. That is, software development and maintenance must be less costly. CBSD is also required for faster software delivery. For this reason, the software industryThis is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.

show abstract

Fuzz Test Case Generation for Penetration Testing in Mobile Cloud Computing Applications

Cited by 5 publications

References 30 publications

Overview on Case Study Penetration Testing Models Evaluation

Overview on Case Study Penetration Testing Models Evaluation

Systematic Literature Review on Penetration Testing for Mobile Cloud Computing Applications

A model for developing dependable systems using a component‐based software development approach (MDDS‐CBSD)

Contact Info

Product

Resources

About