Table of Contents Author Guidelines Submit a Manuscript
The Scientific World Journal
Volume 2013, Article ID 609254, 11 pages
http://dx.doi.org/10.1155/2013/609254
Research Article

An Approach of Vulnerability Testing for Third-Party Component Based on Condition and Parameter Mutation

1School of Computer Science and Tele. Engineering, Jiangsu University, Zhenjiang 212013, China
2School of Computer Science and Tech., Huazhong University of Science and Technology, Wuhan 430074, China

Received 6 June 2013; Accepted 10 July 2013

Academic Editors: J. Pavón and J. H. Sossa

Copyright © 2013 Jinfu Chen et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

The research on component vulnerability testing is critical. In this paper, an approach of vulnerability testing is proposed based on condition mutation and parameter mutation in order to effectively detect the explicit vulnerabilities of third-party components. To start with, the Pre-condition Mutation Algorithm (PCMA) is presented to generate mutants set of the pre-condition and test cases are generated based on these mutants. Then, the Single Parameter Mutated Values (SPMV) procedure is addressed to generate parameter values based on mutation operators of parameter specification. These values are then taken as the input of the Test Case Generation Algorithm based on the Parameter Constraint (TCGPC), which is addressed to generate test case set violating the parameter constraint. The explicit vulnerabilities can be detected by the vulnerability detecting algorithm based on the test cases of condition and parameter mutation. The experiments show that our approach can detect explicit vulnerability faults of third-party components. Furthermore, the proposed approach can detect more vulnerability faults than other related approaches such as condition coverage methods, fuzzy testing method and boundary value method.