Global ETD Search

1	Evaluating the effectiveness of web application testing techniques using automated tools Alrashed, Weaam January 2018 (has links) The heterogeneous structure and dynamic nature of web applications have made the testing procedure a challenge. Producing high-quality web applications can be performed by conducting appropriate testing techniques. As a result, several white-box and session-based testing techniques have been proposed in the literature. In this work, the performance and effectiveness of these testing techniques are evaluated in terms of fault detection on a simulated PHP online bookstore. The testing techniques are examined with the use of PHPUnit, xDebug and Selenium automated testing tools. We believe that combining the testing techniques with appropriate automated testing tools (PHPUnit and Selenium) can be effective in terms of fault detection and time spent to construct and run test cases on PHP web applications. The results show that some testing techniques are preferred. We also identify categories of faults that are amenable to detection by each of the techniques, as well as categories of faults that are difficult to detect by any of the techniques. Moreover, using the automated tools has helped in automating the conduct of the tests and in reducing the time required to perform them. / Thesis / Master of Applied Science (MASc)
2	A Model for Run-time Measurement of Input and Round-off Error Meng, Nicholas Jie 25 September 2012 (has links) For scientists, the accuracy of their results is a constant concern. As the programs they write to support their research grow in complexity, there is a greater need to understand what causes the inaccuracies in their outputs, and how they can be mitigated. This problem is difficult because the inaccuracies in the outputs come from a variety of sources in both the scientific and computing domains. Furthermore, as most programs lack a testing oracle, there is no simple way to validate the results. We define a model for the analysis of error propagation in software. Its novel combination of interval arithmetic and automatic differentiation allows for the error accumulated in an output to be measurable at runtime, attributable to individual inputs and functions, and identifiable as either input error, round-off error, or error from a different source. This allows for the identification of the subset of inputs and functions that are most responsible for the error seen in an output and how it can be best mitigated. We demonstrate the effectiveness of our model by analyzing a small case study from the field of nuclear engineering, where we are able to attribute the contribution of over 99% of the error to 3 functions out of 15, and identify the causes for the observed error. / Thesis (Master, Computing) -- Queen's University, 2012-09-24 14:12:25.659 Computing Scientific Software Round-off Error Sensitivity Analysis Automated Tools Case Study Dynamic Analysis
3	Security Auditing and Testing of two Android Client-Server Applications Engström Ericsson, Matilda January 2020 (has links) How secure is your application? How can you evaluate if it is secure? The threats are many and may be hard to find. In a world where things are more and more automated; how does manual labour contribute to security auditing applications? This study aims to assess two proof of concept Android client-server applications, developed by students to suit the needs of a fictitious Police Department and Fire Department, respectively. The approach is unconventional yet supported by well-established theory. The gist of a vulnerability assessment methodology initially developed to assess the security of middleware is followed and applied to the entire architecture of these client-server applications. How the manual labour contributed to the end results, in comparison to the use of automated tools and a list of known threats, is then evaluated. It is concluded that the applications encompass multiple of the Open Web Application Security Project (OWASP) Top 10 Mobile Risks and that automated tools find most of those vulnerabilities. However, relying on automation may lead to a false sense of security, which in effect may cause developers to lose understanding of why vulnerabilities occur and how they should be mitigated. Understanding how the design and architecture of the application influence its security is key. As of Android 9.0+, default is that applications use SSL encrypted communication. Only 40% of Android users are in 2020 affected by this change according to Android studio developer information, leaving a majority of users unaware of if or how their data is being protected, also observed in analysis results from this thesis work. One should consider if or how to inform users of how their data is being handled, not only in newer Android versions or regarding SSL communication. This work also shows that developers' decisions may be greatly affected by time pressed situations, which is reflected upon in the last chapter. Another important finding was that the third-party software Sinch, which enabled the use of voice and video communication in one of the applications, sent IP addresses and usernames of the users in clear text during the binding request, when the Session Traversal Utilities for NAT (STUN) protocol was used. Security audit Security testing Android Client-Server OWASP Top 10 Mobile Risks Automated tools MITM attack SSL Authorization Computer Sciences Datavetenskap (datalogi)
4	Automatisk maskinåterställning : Hur automatiserade hjälpmedel kan bidra till en bättre produktion Adolfsson, Jesper January 2021 (has links) Ett vanligt förekommande problem med produktionsutrustning på Eberspächer är driftstopp där grundorsaken är svår att identifiera. Användning av sofistikerade system som isolerar felkällan kan minska avhjälpningstiden och därför vara till stor nytta för produktiviteten samt operatörens arbetsmiljö. Följande rapport undersöker möjligheterna kring att automatisera en återställning av en maskin fokuserad på mät- och kvalitetskontroll, till ett ursprungsläge där driftpersonal kan återuppta produktion efter ett driftstopp. Inledningsvis började arbetet med en litteraturstudie från vilket information inhämtades om de olika automatiserade delarna i mätcellen. Vidare studerades även maskinens PLC-program för att försöka förstå vad koden i de olika programmerade blocken gör. Programmeringen av den automatiserade återställningen gjordes i enighet med Eberspächers riktlinjer och kravspecifikation. Utifrån insamlad information om maskinens funktion har ett program med önskad funktionalitet kunnat skapas. Slutsatsen som kan dras av detta arbete är att det finns stora fördelar med att automatisera funktioner som kan vara svåra och kräva mycket av användaren. Den automatiserade återställningen är ett bra exempel på en funktion där det finns ekonomisk, ekologisk och ergonomisk vinning av att göra en komplicerad aktion lätthanterlig. / A common problem with production equipment at Eberspächer is downtime where the root cause is difficult to identify. The use of sophisticated systems that isolate the source of the error can reduce the remediation time and therefore be of great benefit to productivity. The following report examines how to automate the restoration of a machine focused on measurement and quality control, to an original mode where operating personnel can resume production after a downtime. Initially, work began on a literature study from which information was obtained about the various automated parts of the measuring cell. Furthermore, the machine's PLC program was also studied to try to understand what the code in the various programmed blocks does. The programming of the automated recovery was done in accordance with Eberspächer's guidelines and specification. Based on collected information about the machine's function, it has been possible to create a program with the desired functionality. The conclusion that can be drawn from this work is that there are great advantages to automating functions that can be difficult and require a lot of the user. The automated reset is a good example of a feature where there are economic, ecological and ergonomic benefits of making a complicated action manageable. Annan elektroteknik och elektronik
5	Bogoliubov Many-Body Perturbation Theory for Nuclei : Systematic Generation and Evaluation of Diagrams and First ab initio Calculations / Théorie de perturbation à N corps de Bogolioubov pour les noyaux : Génération et évaluation automatique des diagrammes et premiers calculs ab initio Arthuis, Pierre 27 September 2018 (has links) Les dernières décennies ont donné lieu à un développement rapide des théories ab initio visant à décrire les propriétés des noyaux à partir de l'interaction nucléonique. Un tel développement a été rendu possible à la fois par la très importante croissance de la puissance de calcul et de nouveaux développements formels. Le présent travail se consacre au développement de la théorie de perturbation à N corps de Bogolioubov récemment proposée, qui repose sur l'usage d'un état de référence brisant la symétrie associée au nombre de particules pour permettre une description des noyaux à simple couche ouverte. Le formalisme est tout d'abord décrit en détails, son lien avec la théorie de perturbation à N corps standard est établi, tout comme sa connexion avec la théorie de cluster couplés de Bogolioubov. L'extension du formalisme à des ordres plus élevés à partir de méthodes de théorie des graphes est ensuite présentée ainsi que le programme ADG qui génère et évalue les diagrammes BMBPT à un ordre quelconque. Les implications de ce développement formel dépassent le cadre du présent travail, les méthodes développées pouvant être appliqués à d’autres méthodes à N corps. Pour terminer, de premiers résultats numériques pour les isotopes de l'oxygène, du calcium et du nickel sont présentés. Ces résultats établissent la théorie de perturbation à N corps de Bogolioubov comme une méthode de premier intérêt pour des calculs à grande échelle sur les chaînes isotopiques et isotoniques de masse moyenne. / The last few decades in nuclear structure theory have seen a rapid expansion of ab initio theories, aiming at describing the properties of nuclei starting from the inter-nucleonic interaction. Such an expansion relied both on the tremendous growth of computing power and novel formal developments. This work focuses on the development of the recently proposed Bogoliubov Many-Body Perturbation Theory that relies on a particle-number-breaking reference state to tackle singly open-shell nuclei. The formalism is first described in details, and diagrammatic and algebraic contributions are derived up to second order. Its link to standard Many-Body Perturbation Theory is made explicit, as well as its connexion to Bogoliubov Coupled-Cluster theory. An automated extension to higher orders based on graph theory methods is then detailed, and the ADG numerical program generating and evaluating BMBPT diagrams at arbitrary order is introduced. Such a formal development carries implications that are not restricted to the present work, as the developed methods can be applied to other many-body methods. Finally, first numerical results obtained for oxygen, calcium and nickel isotopes are presented. They establish BMBPT as a method of interest for large-scale computations of isotopic or isotonic chains in the mid-mass sector of the nuclear chart. Ab initio Théorie à N corps Théorie de perturbation Brisure de symétrie Outils automatisés Ab initio Many-Body theory Perturbation theory Symmetry-Breaking Automated tools
6	Use of simulators for side-channel analysis: Leakage detection and analysis of cryptographic systems in early stages of development Veshchikov, Nikita 23 August 2017 (has links) (PDF) Cryptography is the foundation of modern IT security,it provides algorithms and protocols that can be usedfor secure communications. Cryptographic algorithmsensure properties such as confidentiality and data integrity.Confidentiality can be ensured using encryption algorithms.Encryption algorithms require a secret information called a key.These algorithms are implemented in cryptographic devices.There exist many types of attacks against such cryptosystems,the main goal of these attacks is the extraction of the secret key.Side-channel attacks are among the strongest types of attacksagainst cryptosystems. Side-channel attacks focus on the attacked device, they measure its physicalproperties in order to extract the secret key. Thus, these attacks targetweaknesses in an implementation of an algorithm rather than the abstract algorithm itself.Power analysis is a type of side-channel attacks that can be used to extract a secretkey from a cryptosystem through the analysis of its power consumption whilethe target device executes an encryption algorithm. We can say that the secret information is leaking from the device through itspower consumption. One of the biggest challenges in the domain of side-channel analysisis the evaluation of a device from the perspective of side-channel attacksor in other words the detection of information leakage.A device can be subject to several sources of information leakageand it is actually relatively easy to find just one side-channel attack that works(by exploiting just one source of leakage),however it is very difficult to find all sources of information leakage or to show that there is no information leakage in the givenimplementation of an encryption algorithm. Evaluators use various statistical tests during the analysis of a cryptographic device to checkthat it does not leak the secret key. However, in order to performsuch tests the evaluation lab needs the device to acquire the measurementsand analyse them. Unfortunately, the development process of cryptographicsystems is rather long and has to go through several stages. Thus, an information leakagethat can lead to a side-channel attackcan be discovered by an evaluation lab at the very last stage using the finalproduct. In such case, the whole process has to be restarted in order to fix the issue,this can lead to significant time and budget overheads. The rationale is that developers of cryptographic systems would like to be able to detect issues related to side-channel analysis during the development of the system,preferably on the early stages of its development. However, it is far from beinga trivial task because the end product is not yet available andthe nature of side-channel attacks is such that it exploits the properties ofthe final version of the cryptographic device that is actually available to the end user. The goal of this work is to show how simulators can be used for the detection of issues related to side-channel analysis during the development of cryptosystems.This work lists the advantages of simulators compared to physical experimentsand suggests a classification of simulators for side-channel analysis.This work presents existing simulators that were created for side-channel analysis,more specifically we show that there is a lack of available simulation toolsand that therefore simulators are rarely used in the domain. We present threenew open-source simulators called Silk, Ascold and Savrasca.These simulators are working at different levels of abstraction,they can be used by developers to perform side-channel analysisof the device during different stages of development of a cryptosystem.We show how Silk can be used during the preliminary analysisand development of cryptographic algorithms using simulations based on high level of abstraction source code. We used it to compare S-boxesas well as to compare shuffling countermeasures against side-channel analysis.Then, we present the tool called Ascold that can be used to find side-channel leakagein implementations with masking countermeasure using the analysis of assembly code of the encryption.Finally, we demonstrate how our simulator called Savrasca can be used to find side-channelleakage using simulations based on compiled executable binaries. We use Savrascato analyse masked implementation of a well-known contest on side-channel analysis (the 4th edition of DPA Contest),as a result we demonstrate that the analysed implementation contains a previouslyundiscovered information leakage. Through this work we alsocompared results of our simulated experiments with real experiments comingfrom implementations on microcontrollers and showed that issues found using our simulatorsare also present in the final product. Overall, this work emphasises that simulatorsare very useful for the detection of side-channel leakages in early stages of developmentof cryptographic systems. / Option Informatique du Doctorat en Sciences / info:eu-repo/semantics/nonPublished Informatique mathématique Technologie informatique hardware Informatique appliquée logiciel Analyse de systèmes informatiques Technologie de la sécurité cryptography cryptanalysis encryption side-channel analysis shuffling countermeasures masking countermeasures simulations automated tools side-channel attacks
7	Enabling Java Software Developers to use ATCG tools by demonstrating the tools that exist today, their usefulness, and effectiveness QAZIZADA, RASHED January 2021 (has links) The software industry is expanding at a rapid rate. To keep up with the fast-growing and ever-changing technologies, it has become necessary to produce high-quality software in a short time and at an affordable cost. This research aims to demonstrate to Java developers the use of Automated Test Case Generation (ATCG) tools by presenting the tools that exist today, their usefulness, and their effectiveness. The main focus is on the automated testing tools for the Java industry, which can help developers achieve their goals faster and make better software. Moreover, the discussion covers the availability, features, prerequisites, effectiveness, and limitations of the automated testing tools. Among these tools, the most widely used are Evosuite, JUnit, TestNG, and Selenium. Each tool has its advantages and purpose. Furthermore, these ATCG-tools were compared to provide a clear picture to Java developers, answer the research questions, and show strengths and limitations of each selected tool. Results show that there is no single ultimate tool that can do all kinds of testing independently. It all depends on what the developer aims to achieve. If one tool is good at generating unit test cases for Java classes, another tool is good at testing the code security through penetration testing. Therefore, the Java developers may choose a tool/s based on their requirements. This study has revealed captivating findings regarding the ATCG-tools, which ought to be explored in the future. Automated Test Case Generation ATCG ATG Java Software Testing Java Testing Tools Test case generation Object-Oriented software testing tools open source tools Mutation Testing Mutation Score Automated Tools Test Suite Engineering and Technology Teknik och teknologier Computer Sciences Datavetenskap (datalogi) Computer Engineering Datorteknik Media and Communication Technology Medieteknik Software Engineering Programvaruteknik

1

Page generated in 0.0814 seconds