Acta Informatica Pragensia X:X | DOI: 10.18267/j.aip.113132

Classification and Evaluation of Cloud-Based Testing Tools: The Case Study of Web Applications’ Security Testing

Martin Lněnička, Jan Čapek
Institute of System Engineering and Informatics, Faculty of Economics and Administration, University of Pardubice, Studentska 84, 532 10 Pardubice, Czech Republic

The purpose of the article is to give a survey of research fields related to test and manage applications from the cloud, i.e. cloud-based testing, so that it can facilitate security requirements associated with the testing. This article has two main aims. The first one is the survey of published results attained by the synergy of these research fields – cloud-based testing, testing strategies and types of tests, and related architectures, which is followed by the classification of testing tools based on their testing strategies. The second part is focused on security testing of Fire and Rescue Service portals in the Czech Republic and identification of vulnerabilities in these portals. The results suggested that it is more appropriate to manage only one unified portal than a lot of portals on the regional level, also due to the economies of scale. Finally, the most suitable tool for cloud-based security testing was recommended based on these results and a typical cloud-based testing methodology was described.

Klíčová slova: Cloud computing, Cloud-based testing, Web applications, Security, Case study

Přijato: 5. prosinec 2017; Zveřejněno online: 5. prosinec 2017

Stáhnout citaci

Reference

  1. Ajay, D. M., & Umamaheswari, E. (2016). An Initiation for Testing the Security of a Cloud Service Provider. In V. Vijayakumar & V. Neelanarayanan (Eds.), Proceedings of the 3rd International Symposium on Big Data and Cloud Computing Challenges (pp. 33-41). Cham: Springer. doi: 10.1007/978-3-319-30348-2_3 Přejít k původnímu zdroji...
  2. Akerele O., Ramachandran M., & Dixon M. (2013). Testing in the Cloud: Strategies, Risks and Benefits. In Z. Mahmood & S. Saeed (Eds.), Software Engineering Frameworks for the Cloud Computing Paradigm. Computer Communications and Networks (pp. 165-185). London: Springer. doi: 10.1007/978-1-4471-5031-2_8 Přejít k původnímu zdroji...
  3. Bai, X., Li, M., Chen, B., Tsai, W.-T., & Gao, J. (2011). Cloud Testing Tools. In Proceedings of the IEEE 6th International Symposium on Service Oriented System Engineering (pp. 1-12). New York: IEEE. doi: 10.1109/SOSE.2011.6139087 Přejít k původnímu zdroji...
  4. Čapek, J. (2012). Cloud Computing and Information Security. Scientific Papers of the University of Pardubice, Series D, Faculty of Economics and Administration, 18(24), 23-30.
  5. Dai, W. W., Riliskis, L., Vyatkin, V., Osipov, E., & Delsing, J. (2014). A configurable cloud-based testing infrastructure for interoperable distributed automation systems. In Proceedings of the 40th Annual Conference of the IEEE Industrial Electronics Society (pp. 2492-2498). New York: IEEE.
  6. Gao, J., Bai, X., & Tsai, W. T. (2011). Cloud Testing - Issues, Challenges, Needs and Practice. Software Engineering: An International Journal, 1(1), 9-23.
  7. Gao, J., Bai, X., Tsai, W. T., & Uehara, T. (2013). Testing as a Service (TaaS) on Clouds. In Proceedings of the IEEE 7th International Symposium on Service Oriented System Engineering (pp. 212-223). New York: IEEE. doi: 10.1109/SOSE.2013.66 Přejít k původnímu zdroji...
  8. Harikrishna, P., & Amuthan, A. (2016). A Survey of Testing as a Service in Cloud computing. In Proceedings of the International Conference on Computer Communication and Informatics (pp. 1-5). New York: IEEE. doi: 10.1109/ICCCI.2016.7479949 Přejít k původnímu zdroji...
  9. Hsieh, S. J., Yuan, S. M., Luo, G. H., & Chen, H. W. (2014). A flexible public cloud based testing service for heterogeneous testing targets. In Proceedings of the 16th Asia-Pacific Network Operations and Management Symposium (pp. 1-3). New York: IEEE. doi: 10.1109/APNOMS.2014.6996521 Přejít k původnímu zdroji...
  10. Inçki, K., Ari, I., & Sözer, H. (2012). A Survey of Software Testing in the Cloud. In Proceedings of the IEEE Sixth International Conference on Software Security and Reliability Companion (pp. 18-23). New York: IEEE. doi: 10.1109/SERE-C.2012.32 Přejít k původnímu zdroji...
  11. Jun, W., & Meng, F. (2011). Software Testing Based on Cloud Computing. In Proceedings of the International Conference on Internet Computing Information Services (pp. 176-178). New York: IEEE. doi: 10.1109/ICICIS.2011.51 Přejít k původnímu zdroji...
  12. Kuo, J. Y., Liu, C. H., & Yu, W. T. (2015). The Study of Cloud-Based Testing Platform for Android. In Proceedings of the IEEE International Conference on Mobile Services (pp. 197-201). New York: IEEE. doi: 10.1109/MobServ.2015.36 Přejít k původnímu zdroji...
  13. Li, A., Yang, X., Kandula, S., & Zhang, M. (2010). CloudCmp: Comparing public cloud providers. In Proceedings of the 10th ACM SIGCOMM conference on Internet measurement (pp. 1-14). New York: ACM.
  14. Lněnička, M. (2013). Cloud-Based Testing of Business Applications and Web Services. Scientific Papers of the University of Pardubice, Series D, Faculty of Economics and Administration, 20(26), 66-78.
  15. Malhotra, R., & Jain, P. (2013). Testing Techniques and its Challenges in a Cloud Computing Environment. SIJ Transactions on Computer Science Engineering & its Applications, 1(3), 88-93.
  16. Nachiyappan, S., & Justus, S. (2015). Cloud Testing Tools and its Challenges: A Comparative Study. Procedia Computer Science, 50, 482-489. doi: 10.1016/j.procs.2015.04.018 Přejít k původnímu zdroji...
  17. Narayanan, C. V. (2010). Testing, the 'Cloud' Way. Siliconindia. Retrieved November 15, 2017, from https://www.siliconindia.com/magazine_articles/Testing_the_%E2%80%98Cloud%E2%80%99_Way-NLJO444799615.html
  18. Petticrew, M. & Roberts, H. (2006). Systematic Reviews in the Social Sciences: A Practical Guide. Malden: Blackwell Publishing. Přejít k původnímu zdroji...
  19. Priyanka, C., Chana, I., & Rana, A. (2012). Empirical Evaluation of Cloud-based Testing Techniques: A Systematic Review. ACM SIGSOFT Software Engineering Notes, 37(3), 1-9. doi: 10.1145/180921.2180938 Přejít k původnímu zdroji...
  20. Riungu, L. M., Taipale, O., & Smolander, K. (2010). Research Issues for Software Testing in the Cloud. In Proceedings of the IEEE Second International Conference on Cloud Computing Technology and Science (pp. 557-564). New York: IEEE. doi: 10.1109/CloudCom.2010.58 Přejít k původnímu zdroji...
  21. Riungu-Kalliosaari, L., Taipale, O., & Smolander, K. (2012). Testing in the Cloud: Exploring the Practice. IEEE Software, 29(2), 46-51. doi: 10.1109/MS.2011.132 Přejít k původnímu zdroji...
  22. Riungu-Kalliosaari, L., Taipale, O., Smolander, K., & Richardson, I. (2016). Adoption and use of cloud-based testing in practice. Software Quality Journal, 24(2), 337-364. doi: 10.1007/s11219-014-9256-0 Přejít k původnímu zdroji...
  23. Robinson, P., & Ragusa, C. (2011). Taxonomy and requirements rationalization for infrastructure in cloud-based software testing. In Proceedings of the IEEE Third International Conference on Cloud Computing Technology and Science (pp. 454-461). New York: IEEE. doi: 10.1109/CloudCom.2011.67 Přejít k původnímu zdroji...
  24. Shklar, L., & Rosen, R. (2009). Web Application Architecture: Principles, Protocols and Practices. Chichester: Wiley.
  25. Tung, Y. H., Lin, C. C., & Shan, H. L. (2014). Test as a Service: A framework for Web security TaaS service in cloud environment. In Proceedings of the IEEE 8th International Symposium on Service Oriented System Engineering (pp. 212-217). New York: IEEE. doi: 10.1109/SOSE.2014.36 Přejít k původnímu zdroji...
  26. Zech, P. (2011). Risk-Based Security Testing in Cloud Computing Environments. In Proceedings of the IEEE Fourth International Conference on Software Testing, Verification and Validation (pp. 411-414). New York: IEEE. doi: 10.1109/ICST.2011.23 Přejít k původnímu zdroji...
  27. Zech, P., Felderer, M., & Breu, R. (2012). Towards a Model-Based Security Testing Approach of Cloud Computing Environments. In Proceedings of the IEEE Sixth International Conference on Software Security and Reliability Companion (pp. 47-56). New York: IEEE. doi: 10.1109/SERE-C.2012.11 Přejít k původnímu zdroji...
  28. Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), 583-592. doi: 10.1016/j.future.2010.12.006 Přejít k původnímu zdroji...

Tento článek je publikován v režimu tzv. otevřeného přístupu k vědeckým informacím (Open Access), který je distribuován pod licencí Uveďte původ / Creative Commons Attribution License (CC BY), která umožňuje distribuci, reprodukci a změny, pokud je původní dílo řádně ocitováno. Není povolena distribuce, reprodukce nebo změna, která není v souladu s podmínkami této licence.