Open AccessPractical Aspects of Vulnerability Detection During Certification Tests of Information Security Software
Author(s) -
Vitaly Varenitsa,
Alexey Markov,
Vladislav Savchenko,
Valentin Tsirlov
Publication year - 2021
Publication title -
voprosy kiberbezopasnosti
Language(s) - English
Resource type - Journals
ISSN - 2311-3456
DOI - 10.21681/2311-3456-2021-5-36-44
Subject(s) - certification , computer science , secure coding , relevance (law) , directive , vulnerability (computing) , vulnerability management , software , computer security , software engineering , software security assurance , information security , risk analysis (engineering) , vulnerability assessment , data science , security service , business , psychology , psychological resilience , political science , law , psychotherapist , programming language
Purpose: analysis of various techniques and techniques for identifying defects and vulnerabilities during certification tests. Research method: comparative analysis. Result: the conclusion is made about the relevance and priority of the study of open-source web applications. The study is given and the shortcomings of directive methods for identifying vulnerabilities and undeclared capabilities in software products are shown. The author’s statistics of the identified vulnerabilities are given with detailing by classes of computer attacks, manufacturers of information security tools, programming environments and methods for identifying vulnerabilities. A comparative analysis of author’s methods with known directive testing methods is given. The relevance of the implementation of the concept of developing secure software is shown. Recommendations on improving the security of software tools for information protection are given.