View All Documents & Correspondence
Method And System For Hybrid Testing
Abstract: Embodiments of the present disclosure relate to methods and systems for hybrid testing, combining the optimization features of functional testing brought forth to security testing. One disclosed method may include receiving a list of input points associated with a software unit under test and assigning, by a processor, risk values to the input points based on one or more risk rating factors. The risk values may reflect security risk associated with the input points. The method may further include providing, to the software unit under test, input values indicative of a functional test for input points assigned values reflecting a low security risk and input values indicative of a security test for input points assigned values reflecting a high security risk. The method may further include executing a security test for the software unit under test using the input values. Fig. 2
Notices, Deadlines & Correspondence
Patent Information
Applicants
WIPRO LIMITED
Inventors
1. SOURAV SAM BHATTACHARYA
Specification
CLIAMS:We claim:
1. A method for hybrid testing, comprising:
receiving a list of input points associated with a software unit under test;
assigning, by a processor, risk values to the input points based on one or more risk rating factors, the risk values reflecting security risk associated with the input points;
providing, to the software unit under test, input values indicative of a functional test for input points assigned risk values reflecting a low security risk; and
providing, to the software unit under test, input values indicative of a security test for input points assigned risk values reflecting a high security risk; and
executing a security test for the software unit under test using the input values.
2. The method of claim 1, wherein the security test comprises at least one of a penetration test and a source code security test.
3. The method of claim 1, wherein the one or more risk rating factors comprise at least one of a source of input associated with each input point, credibility of a provider of the input, transmission line security of the channel for inputs that are remotely provided, positioning of the input points relative to a firewall, or intrusion detection and intrusion prevention associated with the software unit under test.
4. The method of claim 1, wherein assigning risk values to the input points comprises:
serially comparing a value of each risk rating factor with respective threshold values;
calculating, by the processor, a risk value for each input point when one of the risk rating factor values exceeds a respective threshold value;
calculating, by the processor, a weighted vector sum value for each input point based on the one or more risk rating factors when no risk rating factor value exceeds the respective threshold values; and
comparing the weighted vector sum value to a threshold risk value.
5. The method of claim 4, further comprising:
assigning, by the processor, a risk value reflecting a low security risk to input points having a weighted vector sum value less than the threshold risk value; and
assigning, by the processor, a risk value reflecting a high security risk to input points having a weighted vector sum value greater than the threshold risk value.
6. The method of claim 1, wherein assigning risk values to the input points further comprises:
splitting one or more input points, reflecting the high security risk, into a plurality of risk levels based on the risk values; and
providing, to the software unit under test, input values indicative of a security test for the one or more input points based on the plurality of risk levels.
7. A system for hybrid testing, comprising:
one or more hardware processors; and
one or more memory devices storing instructions executable by the one or more hardware processors for:
receiving a list of input points associated with a software unit under test;
assigning, by a processor, risk values to the input points based on one or more risk rating factors, the risk values reflecting security risk associated with the input points;
providing, to the software unit under test, input values indicative of a functional test for input points assigned risk values reflecting a low security risk; and
providing, to the software unit under test, input values indicative of a security test for input points assigned risk values reflecting a high security risk; and
executing a security test for the software unit under test using the input values.
8. The system of claim 7, wherein the security test comprises at least one of a penetration test and a source code security test.
9. The system of claim 7, wherein the one or more risk rating factors comprise at least one of a source of input associated with each input point, credibility of a provider of the input, transmission line security of the channel for inputs that are remotely provided, positioning of the input points relative to a firewall, or intrusion detection and intrusion prevention associated with the software unit under test.
10. The system of claim 7, wherein the one or more memory devices store instructions executable by the one or more hardware processors for assigning risk values to the input points by:
calculating, by the processor, a risk value for each input point by serially comparing a value of each risk rating factor with respective threshold values, the risk value being calculated when one of the risk rating factor values exceeds the respective threshold value;
calculating, by the processor, a weighted vector sum value for each received input point based on the one or more risk rating factors upon identifying that no risk rating factor value exceeds the respective threshold values; and
comparing the weighted vector sum value to a threshold risk value.
11. The system of claim 10, wherein the one or more memory devices store instructions executable by the one or more hardware processors for:
assigning, by the processor, a risk value reflecting a low security risk to input points having a weighted vector sum value less than the threshold risk value; and
assigning, by the processor, a risk value reflecting a high security risk to input points having a weighted vector sum value greater than the threshold risk value.
12. The system of claim 7, wherein the one or more memory devices store instructions executable by the one or more hardware processors for assigning risk values to the input points by:
splitting one or more input points, reflecting the high security risk, into a plurality of risk levels based on the risk values; and
providing, to the software unit under test, input values indicative of a security test for the one or more input points based on the plurality of risk levels.
13. A non-transitory computer-readable medium storing instructions for hybrid testing, the instructions comprising:
receiving a list of input points associated with a software unit under test;
assigning, by a processor, risk values to the input points based on one or more risk rating factors, the risk values reflecting security risk associated with the input points;
providing, to the software unit under test, input values indicative of a functional test for input points assigned risk values reflecting a low security risk; and
providing, to the software unit under test, input values indicative of a security test for input points assigned risk values reflecting a high security risk; and
executing a security test for the software unit under test using the input values.
Dated this 10th day of March, 2015
Swetha S.N
Of K&S Partners
Agent for the Applicant
,TagSPECI:TECHNICAL FIELD
The present disclosure relates generally to software testing. More particularly, the present disclosure relates to methods and systems for hybrid software testing.
Documents
Application Documents
| # | Name | Date |
|---|---|---|
| 1 | IP30382-Spec.pdf ONLINE | 2015-03-10 |
| 2 | IP30382-fig.pdf ONLINE | 2015-03-10 |
| 3 | FORM 5-IP30382 - Conventional.pdf ONLINE | 2015-03-10 |
| 4 | FORM 3-IP30382 - Conventional.pdf ONLINE | 2015-03-10 |
| 5 | 1154-CHE-2015 FORM-9 10-03-2015.pdf | 2015-03-10 |
| 6 | 1154-CHE-2015 FORM-18 10-03-2015.pdf | 2015-03-10 |
| 7 | IP30382-Spec.pdf | 2015-03-13 |
| 8 | IP30382-fig.pdf | 2015-03-13 |
| 9 | FORM 5-IP30382 - Conventional.pdf | 2015-03-13 |
| 10 | FORM 3-IP30382 - Conventional.pdf | 2015-03-13 |
| 11 | abstract 1154-CHE-2015.jpg | 2015-03-16 |
| 12 | 1154-CHE-2015 FORM-1 08-06-2015.pdf | 2015-06-08 |
| 13 | 1154-CHE-2015 CORRESPONDENCE OTHERS 08-06-2015.pdf | 2015-06-08 |
| 14 | 1154-CHE-2015 POWER OF ATTORNEY 08-06-2015.pdf | 2015-06-08 |
| 15 | 1154-CHE-2015-FER.pdf | 2019-10-18 |
| 16 | 1154-CHE-2015-OTHERS [16-04-2020(online)].pdf | 2020-04-16 |
| 17 | 1154-CHE-2015-FER_SER_REPLY [16-04-2020(online)].pdf | 2020-04-16 |
| 18 | 1154-CHE-2015-CLAIMS [16-04-2020(online)].pdf | 2020-04-16 |
| 19 | 1154-CHE-2015-US(14)-HearingNotice-(HearingDate-21-07-2023).pdf | 2023-07-03 |
| 20 | 1154-CHE-2015-POA [07-07-2023(online)].pdf | 2023-07-07 |
| 21 | 1154-CHE-2015-FORM 13 [07-07-2023(online)].pdf | 2023-07-07 |
| 22 | 1154-CHE-2015-Correspondence to notify the Controller [07-07-2023(online)].pdf | 2023-07-07 |
| 23 | 1154-CHE-2015-AMENDED DOCUMENTS [07-07-2023(online)].pdf | 2023-07-07 |
| 24 | 1154-CHE-2015-Written submissions and relevant documents [05-08-2023(online)].pdf | 2023-08-05 |
| 25 | 1154-CHE-2015-FORM-26 [05-08-2023(online)].pdf | 2023-08-05 |
| 26 | 1154-CHE-2015-PETITION UNDER RULE 138 [07-08-2023(online)].pdf | 2023-08-07 |
| 27 | 1154-CHE-2015-Certified Copy of Priority Document [05-09-2023(online)].pdf | 2023-09-05 |
Search Strategy
| 1 | SearchStrategyMatrix_17-10-2019.pdf |