GB/T 34944-2017: Source code vulnerability testing specification for Java
Status: Valid
Basic data

Standard ID: GB/T 34944-2017 (GB/T34944-2017)
Description (Translated English): Source code vulnerability testing specification for Java
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L77
Word Count Estimation: 62,671
Date of Issue: 2017-11-01
Date of Implementation: 2018-05-01
Regulation (derived from): National Standard Announcement 2017 No. 29
Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China

This is a DRAFT version for illustration, not a final translation.

ICS 35.080
L77
National Standard of the People's Republic of China
Java language source code vulnerability test specification
Issued on 2017-11-01
Implemented on 2018-05-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of the People's Republic of China

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 Abbreviations
5 Source Code Vulnerability Test General
5.1 Source Code Vulnerability Test Purpose
5.2 Source Code Vulnerability Test Procedure
5.3 Source Code Vulnerability Test Management
5.4 Source Code Vulnerability Test Tool
5.5 Source Code Vulnerability Test Document
6 Source Code Vulnerability Test Content
6.1 Source Code Vulnerability Category
6.2 Source Code Vulnerability Description
Appendix A (Informative) Java language source code vulnerability test case
Appendix B (Informative) Java language source code vulnerability categories and names
References

Foreword

This standard was drafted in accordance with the rules given in GB/T 1.1-2009.

Please note that some of the contents of this document may involve patents. The issuing agency of this document does not assume responsibility for identifying these patents.

This standard was proposed by and is managed by the National Information Technology Standardization Technical Committee (SAC/TC28).

This standard was drafted by: Zhuhai South Software Network Testing Center, Hangzhou Anheng Information Technology Co., Ltd., Xiamen University of Technology, Shanghai Ma Computer Technology Co., Ltd., China Electronics Standardization Institute, Eastcompeace Technology Co., Ltd., Yuanguang Software Co., Ltd., Nanjing University, National Application Software Product Quality Supervision and Inspection Center, Zhuhai Zhonghui Microelectronics Co., Ltd., Guangdong Science and Technology Foundation Conditions Platform Center, Zhuhai Software Industry Association, Nanchang Jinyu Software Park Software Evaluation Training Co., Ltd., Jilin Province Electronic Information Products Supervision and Inspection Institute.

The main drafters of this standard are: Hou Jianhua, Huang Zhaosen, Wang Zhongfu, Fan Yuan, Yang Shangyu, Deng Renxuan, Liang Jianxin, Zhang Hao, Li Jun, Li Lan, Wang Wei, Huang Huaxi, Liu Zao, Xin Shijie, Chen Zhenyu, Xiao Yu, Cui Jianfeng, and Shen Yuxiang.

Introduction

The Java language is an object-oriented, high-level programming language that runs on a Java virtual machine. It is widely used in the development of various large information systems and intelligent terminal application software. As is well known, owing to various human factors, vulnerabilities in the source code of any software are inevitable, and security events such as software information leakage and malicious tampering with data or code are generally related to source code vulnerabilities. To minimize vulnerabilities in Java language source code, it is necessary to develop a source code vulnerability test specification for Java language programs.

Source code vulnerability testing can be implemented after the software coding activity of the development process, and can also be implemented during the operation and maintenance process.

The vulnerability classification and vulnerability descriptions of this standard mainly refer to the CWE (Common Weakness Enumeration) issued by MITRE Corporation, and are determined and described in combination with the typical vulnerabilities found in testing practice by the industry's current mainstream automated static analysis tools.

Note: The vulnerabilities in this standard refer to CWE version 2.9, and the sample code applies to the vulnerability descriptions selected by this standard.

This standard only describes key vulnerabilities supported by automated static analysis tools. When applying this standard to source code vulnerability testing, the vulnerabilities should be tailored and supplemented according to actual needs.

Java language source code vulnerability test specification

1 Scope

This standard specifies the general requirements and test contents of Java language source code vulnerability testing.

This standard applies to Java language source code vulnerability testing activities carried out by testers of the developer or of a third party using automated static analysis tools. Java program designers and coding staff, and designers of source code vulnerability testing tools, may also use it for reference.

2 Normative references

The following documents are indispensable for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GB/T 11457 Information Technology Software Engineering Terms
GB/T 15532-2008 Computer Software Testing Specification
GB/T 20158-2006 Information Technology Software Life Cycle Process Configuration Management (ISO/IEC TR 15846:1998, IDT)

3 Terms and Definitions

The terms and definitions defined in GB/T 11457 and the following apply to this document.

3.1 Access control
A means of ensuring that the resources of a data processing system can only be accessed by authorized entities in an authorized manner.
[GB/T 25069-2010, definition 2.2.1.42]

3.2 Attack
In an information system, an attempt to destroy, reveal, change, or disable a system or information (including stealing data).
[GB/T 25069-2010, definition 2.2.1.58]

3.3 Cipher block chaining
When encrypting information, the encryption of each ciphertext block depends on the previous ciphertext block.

3.4 Ciphertext
Information whose content has been hidden by using encryption technology.
[GB/T 25069-2010, definition 2.2.2.105]

3.5 Decryption
The process of converting ciphertext to plaintext, that is, the corresponding inverse process of encryption.
[GB/T 25069-2010, definition 2.2.2.69]

3.6 Dictionary attack
An attack on a cryptosystem that iterates over a given list of passwords or keys. For example, using a stored list of specific password values or key values, ......