3,490 research outputs found
A Course Module On Application Logic Flaws
Software security is extremely important, and even thoroughly tested code may still have exploitable vulnerabilities. Some of these vulnerabilities are caused by logic flaws. Due to the nature of application or business logic, few automated tools can test for these types of security issues. Therefore, it is important for students to learn how to reduce the number of logic flaws when developing software, and how to test for them manually. A course module with a case study was created to teach students about this topic. Case-based teaching methods are used because it allows students to better apply learned skills to real world industrial settings, and there is a lack of case studies available for current software engineering curriculum. The course module includes an introduction, a quiz on the reading, an animated PowerPoint about the case, and a set of discussion questions. The introduction covers what logic flaws are, reducing logic flaws during software development, and how to test for them manually. The case is about eCommerce merchant software Bigcommerce using PayPal Express to collect payment. A flaw lets attackers complete an expensive order using the payment intended for a cheaper order. An animation was created to trace the HTTP interactions and back-end code representing the steps of the exploit from this case, and explain the manual testing method used to discover the exploit. A set of discussion questions has students apply this method to similar code, to find potential vulnerabilities and then fix them. This course module was taught in COMP 727 Secure Software Engineering at North Carolina A&T State University in the Spring 2015 semester. A pre-survey and post-survey on the learning objectives shows students felt they improved their knowledge and skills relating to application logic flaws. A quiz based on the reading shows students understood the material. The quality of student discussions was very high. Discussion question results were graded using a rubric, and three-quarters of the class received an 85% grade or higher. Overall, this case study was effective at teaching students about application logic flaws. It will be made available to other universities, and can be easily integrated into existing curriculum
Testing and test-driven development of conceptual schemas
The traditional focus for Information Systems (IS) quality assurance relies on the evaluation of its implementation. However, the quality of an IS can be largely determined in the first stages of its development. Several studies reveal that more than half the errors that occur during systems development are requirements errors. A requirements error is defined as a mismatch between requirements specification and stakeholders¿ needs and expectations.
Conceptual modeling is an essential activity in requirements engineering aimed at developing the conceptual schema of an IS. The conceptual schema is the general knowledge that an IS needs to know in order to perform its functions. A conceptual schema specification has semantic quality when it is valid and complete. Validity means that the schema is correct (the knowledge it defines is true for the domain) and relevant (the knowledge it defines is necessary for the system). Completeness means that the conceptual schema includes all relevant knowledge. The validation of a conceptual schema pursues the detection of requirements errors in order to improve its semantic quality.
Conceptual schema validation is still a critical challenge in requirements engineering. In this work we contribute to this challenge, taking into account that, since conceptual schemas of IS can be specified in executable artifacts, they can be tested. In this context, the main contributions of this Thesis are (1) an approach to test conceptual schemas of information systems, and (2) a novel method for the incremental development of conceptual schemas supported by continuous test-driven validation. As far as we know, this is the first work that proposes and implements an environment for automated testing of UML/OCL conceptual schemas, and the first work that explores the use of test-driven approaches in conceptual modeling.
The testing of conceptual schemas may be an important and practical means for their validation. It allows checking correctness and completeness according to stakeholders¿ needs and expectations. Moreover, in conjunction with the automatic check of basic test adequacy criteria, we can also analyze the relevance of the elements defined in the schema. The testing environment we propose requires a specialized language for writing tests of conceptual schemas. We defined the Conceptual Schema Testing Language (CSTL), which may be used to specify automated tests of executable schemas specified in UML/OCL. We also describe a prototype implementation of a test processor that makes feasible the approach in practice.
The conceptual schema testing approach supports test-last validation of conceptual schemas, but it also makes sense to test incomplete conceptual schemas while they are developed. This fact lays the groundwork of Test-Driven Conceptual Modeling (TDCM), which is our second main contribution. TDCM is a novel conceptual modeling method based on the main principles of Test-Driven Development (TDD), an extreme programming method in which a software system is developed in short iterations driven by tests. We have applied the method in several case studies, in the context of Design Research, which is the general research framework we adopted. Finally, we also describe an integration approach of TDCM into a broad set of software development methodologies, including the Unified Process development methodology, MDD-based approaches, storytest-driven agile methods and goal and scenario-oriented requirements engineering methods.Els enfocaments per assegurar la qualitat deis sistemes d'informació s'han basal tradicional m en! en l'avaluació de la seva
implementació. No obstan! aix6, la qualitat d'un sis tema d'informació pot ser ampliament determinada en les primeres
fases del seu desenvolupament. Diversos estudis indiquen que més de la meitat deis errors de software són errors de
requisits . Un error de requisit es defineix com una desalineació entre l'especificació deis requisits i les necessitats i
expectatives de les parts im plicades (stakeholders ).
La modelització conceptual és una activitat essencial en l'enginyeria de requisits , l'objectiu de la qual és desenvolupar
!'esquema conceptual d'un sistema d'informació. L'esquema conceptual és el coneixement general que un sistema
d'informació requereix per tal de desenvolupar les seves funcions . Un esquema conceptual té qualitat semantica quan és
va lid i complet. La valides a implica que !'esquema sigui correcte (el coneixement definit és cert peral domini) i rellevant (el
coneixement definit és necessari peral sistema). La completes a significa que !'esquema conceptual inclou tot el
coneixement rellevant. La validació de !'esquema conceptual té coma objectiu la detecció d'errors de requisits per tal de
millorar la qualitat semantica.
La validació d'esquemes conceptuals és un repte crític en l'enginyeria de requisits . Aquesta te si contribueix a aquest repte i
es basa en el fet que els es quemes conceptuals de sistemes d'informació poden ser especificats en artefactes executables
i, per tant, poden ser provats. Les principals contribucions de la te si són (1) un enfocament pera les pro ves d'esquemes
conceptuals de sistemes d'informació, i (2) una metodología innovadora pel desenvolupament incremental d'esquemes
conceptuals assistit per una validació continuada basada en proves .
Les pro ves d'esquemes conceptuals poden ser una im portant i practica técnica pera la se va validació, jaque permeten
provar la correctesa i la completesa d'acord ambles necessitats i expectatives de les parts interessades. En conjunció amb
la comprovació d'un conjunt basic de criteris d'adequació de les proves, també podem analitzar la rellevancia deis elements
definits a !'esquema.
L'entorn de test proposat inclou un llenguatge especialitzat per escriure proves automatitzades d'esquemes conceptuals,
anomenat Conceptual Schema Testing Language (CSTL). També hem descrit i implementa! a un prototip de processador
de tes tos que fa possible l'aplicació de l'enfocament proposat a la practica. D'acord amb l'estat de l'art en validació
d'esquemes conceptuals , aquest és el primer treball que proposa i implementa un entorn pel testing automatitzat
d'esquemes conceptuals definits en UML!OCL.
L'enfocament de proves d'esquemes conceptuals permet dura terme la validació d'esquemes existents , pero també té
sentit provar es quemes conceptuals incomplets m entre estant sent desenvolupats. Aquest fet és la base de la metodología
Test-Driven Conceptual Modeling (TDCM), que és la segona contribució principal. El TDCM és una metodología de
modelització conceptual basada en principis basics del Test-Driven Development (TDD), un métode de programació en el
qual un sistema software és desenvolupat en petites iteracions guiades per proves. També hem aplicat el métode en
diversos casos d'estudi en el context de la metodología de recerca Design Science Research. Finalment, hem proposat
enfocaments d'integració del TDCM en diverses metodologies de desenvolupament de software
2018-2019
Contains information on courses and class descriptions as well as campus resources at Collin College.https://digitalcommons.collin.edu/catalogs/1030/thumbnail.jp
Recommended from our members
The Early Assessment of System Performance in Distributed Real-time Systems
Distributed real-time process control systems are notoriously difficult to develop. They frequently overrun time schedules and break cost constraints. The problems are compounded where there are multiple development teams and stakeholders. Conventional model-driven development has been examined to see if it can be extended to resolve some of these problems. It may be possible to use early system design stages to identify performance issues which would otherwise not be identified until late in the development of the system. A functional model is proposed, in addition to those conventionally used for model-driven development, based on loosely coupled functional elements, to represent the behaviour of each system component. The model complements existing requirements and design specifications and addresses the combination of individual component abstractions to produce a complete system specification.
The functional model enables the accurate prediction of system performance prior to the detailed design of each component. The thesis examines how performance can be calculated and modelled. An animator tool and associated code generator are used to predict system and component performance in a distributed aircraft navigation system.
The use of the animator to support the system design prior to the generation of the component contract specifications and interface control documents provides a means of assessing performance which is accessible to domain experts and system designers alike. The model also enables the effects of requirements changes and component design issues on the system design to be assessed in terms of the system design to provide system wide solutions.
This performance assessment model and animator compliments the existing 'fix-it-later' approach, reducing the chances of performance failure detected late during the system development process when they are most expensive to fix
2020-2021
Contains information on courses and class descriptions as well as campus resources at Collin College.https://digitalcommons.collin.edu/catalogs/1032/thumbnail.jp
Sixth Workshop and Tutorial on Practical Use of Coloured Petri Nets and the CPN Tools Aarhus, Denmark, October 24-26, 2005
This booklet contains the proceedings of the Sixth Workshop on Practical Use of Coloured Petri Nets and the CPN Tools, October 24-26, 2005. The workshop is organised by the CPN group at the Department of Computer Science, University of Aarhus, Denmark. The papers are also available in electronic form via the web pages: http://www.daimi.au.dk/CPnets/workshop0
- …