Testing automation tools for secure software development

Abstract

Software testing is a crucial step in the development of any software system, large or small. Testing can reveal the presence of logic errors and other flaws in the code that could cripple the system's effectiveness. Many flaws common in software today can also be exploited to breach the security of the system on which the software is running. These flaws can be subtle and difficult to find. Frequently it takes a combination of multiple events to bring them out. Traditional testing techniques focus on dealing with errors as they arise during normal operation of the system. This technique is not particularly effective. Thus, recent research has focused on developing new, more effective software testing techniques. Two such techniques are combinatorial testing and fuzz testing. This thesis explores the effectiveness of combining both combinatorial testing and fuzz testing into a single software testing tool to aid in the discovery of subtle system flaws. The tools developed for testing automation by this thesis will aid in the development of secure software, and bolster the ranks of testing techniques available to future developers.