Construct A Software Vulnerability Digging Mechanism with Fuzz Testing Theory


Bibliographic Details
Main Authors: De-Ming Wang, 王德銘
Other Authors: Horng-Twu Liaw
Format: Others
Language: zh-TW
Published: 2008
Online Access: http://ndltd.ncl.edu.tw/handle/26gy63
Description
Summary: Master's === Shih Hsin University === Graduate Institute of Information Management (including the in-service master's program) === 96 === To enhance and improve the security of the information environment, research on software testing methods and vulnerability digging techniques is not only significant but also fundamental. In fact, no matter how many different kinds of tests are done while developing software, new versions or patches are always provided after its release. Besides improving the software's functions, most new versions and patches are used to fix bugs in the software. Some of these bugs are found from the feedback of users who encounter errors when running the software; most of them remain unfound or unfixed until attack events are reported by CERT or are caused by certain units or persons finding the software vulnerability. The damage is incalculable before software security vulnerabilities are fixed, especially for widely used software such as Windows and Office. Once zero-day vulnerabilities are found, the damage cannot be solved by firewalls, IDS or antivirus software. Taking recent attack events as an example, zero-day attacks through web pages or e-mails have caused huge damage to the information environment. Therefore, from the standpoint of software security defence, programmers must have a deep understanding of secure coding and must perform security testing on source code during software development to prevent attackers from finding vulnerabilities. This research presents a software vulnerability digging mechanism based on fuzz testing theory, built by studying the related software testing literature, the different categories of software vulnerability, software testing methods and the operation modes of vulnerability digging. It also aims to find faults in programs to ensure software security.