GB/T 34943-2017: Source code vulnerability testing specification for C/C++ (Status: Valid)
Basic data
| Field | Value |
| --- | --- |
| Standard ID | GB/T 34943-2017 (GB/T34943-2017) |
| Description (Translated English) | Source code vulnerability testing specification for C/C++ |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L77 |
| Classification of International Standard | 35.080 |
| Word Count Estimation | 48,434 |
| Date of Issue | 2017-11-01 |
| Date of Implementation | 2018-05-01 |
| Regulation (derived from) | National Standard Announcement 2017 No. 29 |
| Issuing agency(ies) | General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China |
This is a DRAFT version for illustration, not a final translation.
Source code vulnerability testing specification for C/C++
ICS 35.080
L77
National Standard of the People's Republic of China
C/C++ language source code vulnerability testing specification
Issued on 2017-11-01
Implemented on 2018-05-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of the People's Republic of China
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 General rules for source code vulnerability testing
5.1 Purposes of source code vulnerability testing
5.2 Source code vulnerability testing process
5.3 Source code vulnerability testing management
5.4 Source code vulnerability testing tools
5.5 Source code vulnerability testing documentation
6 Source code vulnerability testing content
6.1 Source code vulnerability classification
6.2 Source code vulnerability description
Appendix A (informative) C/C++ language source code vulnerability test cases
Appendix B (informative) C/C++ language source code vulnerability categories and names
References
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Please note that some content of this document may involve patents. The issuing agencies of this document do not bear the responsibility of identifying these patents.
This standard was proposed by and is under the jurisdiction of the National Information Technology Standardization Technical Committee (SAC/TC28).
Drafting organizations of this standard: Zhuhai Southern Software Network Evaluation Center, Zhuhai Zhonghui Microelectronics Co., Ltd., Guangdong Province, the basic conditions for science and technology Taiwan Center, China Electronics Standardization Institute, Shanghai-side computer technology Co., Ltd., Nanchang Jinlu Software Park Software Evaluation Training Co., Ltd., National Application Software Product Quality Supervision and Inspection Center, Zhuhai Software Industry Association, Eastcompeace Technology Co., Ltd., Nanjing University.
The main drafters of this standard: Hou Jianhua, Deng Renyi, Wang Zhongfu, Huang Zhaosen, Yang Shangyuan, Zhang 旸 旸, Zhao Changping, Zhang Ziliang, Li Lu, Xiao Xiao, Chen Zhenyu, Zhang Yuxia, Liang Jianxin, Jiang Shupeng, Zhou Yue, Ren Pei, Yang Xuejun.
Introduction
C is a procedure-oriented programming language, widely used in the development of system software and embedded software. In this standard, C syntax follows ISO/IEC 9899:2011. C++ is an object-oriented programming language developed on the basis of C; it shares much of its syntax with C and is widely used in the development of system software and application software. In this standard, C++ syntax follows ISO/IEC 14882:2011. Because of various human factors, every piece of software source code will inevitably contain vulnerabilities, and security incidents such as software information disclosure and malicious tampering with data or code are generally related to source code vulnerabilities. To minimize the vulnerabilities in C/C++ source code, it is necessary to develop a source code vulnerability testing specification for C/C++ programs.
Source code vulnerability testing can be carried out after the software coding activities in the development process, or during operation and maintenance.
The vulnerability classification and the vulnerabilities in this standard mainly refer to the CWE (Common Weakness Enumeration) released by MITRE, combined with the typical vulnerabilities found in testing by the current mainstream automated static analysis tools in the industry, to determine the vulnerabilities that are described.
Note: The vulnerabilities in this standard reference CWE version 2.9; the sample code applies to the cases selected in this standard.
This standard only describes the key vulnerabilities supported by automated static analysis tools. When this standard is applied to carry out source code vulnerability testing, the vulnerabilities should be tailored and supplemented according to actual needs.
C/C++ language source code vulnerability testing specification
1 Scope
This standard specifies the general rules for testing and the test content of C/C++ language source code vulnerability testing.
This standard applies to C/C++ language source code vulnerability testing activities carried out by developers or testers from third-party agencies using automated static analysis tools. C/C++ programmers and coding staff and designers of source code vulnerability testing tools can also refer to it.
2 Normative references
The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest edition (including all amendments) applies to this document.
Information technology - Software engineering terminology
Computer software test specification
GB/T 20158-2006 Information technology - Software life cycle processes - Configuration management (ISO/IEC TR 15846:1998, IDT)
3 Terms and definitions
The terms and definitions defined in GB/T 11457 and the following terms and definitions apply to this document.
3.1
Access control
A means to ensure that resources of a data processing system can only be accessed by authorized entities on an authorized basis.
[GB/T 25069-2010, definition 2.2.1.42]
3.2
Attack
An attempt (including theft of data) to destroy, compromise, alter, or disable an information system or the information in it.
[GB/T 25069-2010, definition 2.2.1.58]
3.3
Cipher block chaining
A way of encrypting information in which the encryption of each ciphertext block relies on the previous ciphertext block.
3.4
Ciphertext
Data whose information content has been hidden by transformation using encryption technology.
[GB/T 25069-2010, definition 2.2.2.105]
3.5
Decryption
The process of converting ciphertext into plaintext, that is, the reverse of the corresponding encryption process.
[GB/T 25069-2010, definition 2.2.2.69]