4 research outputs found

    An optimized attack tree model for security test case planning and generation

    Securing software assets via efficient test case management is an important task in order to realize business goals. Given the huge risks web applications face due to incessant cyberattacks, a proactive risk strategy such as threat modeling is adopted. It involves the use of attack trees for identifying software vulnerabilities at the earliest phase of software development, which is critical to successfully protecting these applications. Although many research efforts have been dedicated to security testing with attack tree models, test case redundancy in this threat modeling technique has been a major issue, leading to poor test coverage and expensive security testing exercises. This paper presents an attack tree modeling algorithm for deriving a minimal set of effective attack vectors required to test a web application for SQL injection vulnerabilities. By leveraging the optimized attack tree algorithm used in this research work, the threat model produces efficient test plans from which adequate test cases are derived to ensure a secure web application is designed, implemented and deployed. The experimental result shows an average optimization rate of 41.67%, from which 7 test plans and 13 security test cases were designed to mitigate all SQL injection vulnerabilities in the web application under test. A 100% security risk intervention of the web application was achieved with respect to preventing SQL injection attacks after applying all security recommendations from the test case execution report.

    Moth: a hybrid threat model for improving software security testing

    As SQL injection attack (SQLIA) continues to threaten web applications despite several techniques recommended to prevent it, a Hybrid Threat Modeling strategy was adopted in this research due to its proactive approach to risk mitigation in web applications. This involved the combination of 3 threat modeling techniques, namely misuse cases, attack trees and finite state machines, in order to harness their individual strengths to design a Hybrid Threat Modeling framework and tool called MOTH (Modeling Threats using Hybrid techniques). Using the MOTH tool, developed on the Eclipse rich client platform, experimental results with an e-commerce web application downloaded from GitHub, namely the BodgeIt store, show an improved SQL injection vulnerability detection rate of 13.33% in comparison to a commercial tool, IBM AppScan. Further benchmarking of MOTH with respect to SQL injection vulnerability detection in both the BodgeIt store and IBM’s Altoro Mutual online banking application shows it is 30.6% more effective than AppScan. Relative to other threat modeling tools, MOTH was able to realize a 41.7% optimization of the attack paths required to design effective test plans and test cases for the recommendation of efficient security requirements needed to prevent SQL injection attacks. A 100% risk mitigation was achieved after applying these recommendations due to complete security test coverage of all test cases during the experiment, as all test cases successfully exposed the inherent security mutants in the AUT. These results show that MOTH is a more suitable hybrid threat modeling tool for preventing the poor specifications that expose web applications to SQL injection attacks.

    Improving book lending service in UTM Library using apriori rule-mining technique

    The continuous advancement in technology has redefined the nature and strategy of service provision to customers in all walks of life. Academic libraries in institutions of higher learning are not exempted from this struggle for relevance to provide improved services to their demanding customers. In order to protect its huge investment in library collections, especially books, and maintain patronage from students in the university, UTM Library, Perpustakaan Sultanah Zanariah (PSZ), must improve its book lending services to counter the tough competition from rival media and service providers in the same business realm. This research seeks to recommend the best books to UTM students when they use PSZ’s book lending service, by developing a book recommender system that uses an association rule mining technique called the Apriori algorithm. An added feature to improve the recommendations from this application is ensuring recommended books are highly rated, where all ratings are provided by trustworthy and popular book selling and reading sites such as Amazon and Goodreads. The result from application testing showed wide acceptance and emphasis from students on integrating this feature into the existing library portal, as the majority believed this integration would aid an improvement in their knowledge as they borrow the best books with higher ratings while also enjoying a better and richer search experience.

    A framework to reduce redundancy in android test suite using refactoring

    Micro gap heat sinks reduce flow boiling instabilities and generate a more uniform surface temperature than typical microchannels. The heat transfer rate in micro gaps can be increased by providing micro fins. Micro fins increase surface area as well as generate turbulence, which disturbs the laminar sub-layer. Hence, the heat transfer rate is enhanced due to rapid fluid mixing. In this paper, the effectiveness of flow boiling in a micro finned micro gap for cooling purposes has been investigated numerically. Flow boiling of pure water in the heat sink has been simulated using the FLUENT 14.5 release. From the results, it has been observed that the upper and lower solid-fluid interfaces show different thermal behaviors as heat flux increases. The area-weighted average heat transfer coefficient of the upper surface increases with increasing heat flux, while that of the lower surface decreases. In net effect, the thermal resistance of the heat sink increases with heat flux after the onset of boiling for low Reynolds numbers. However, for high Reynolds numbers, thermal resistance changes slowly with heat flux variation. The pressure drop penalty has been found to be high for high heat fluxes during boiling. Interestingly, increasing the pumping power is not always cost effective, as thermal resistance does not decrease sharply over the whole range. Hence, it is suggested that an optimized pumping power should be used for highest efficiency.