Felderer, M., Büchlein, M., Johns, M. et al. (3 more authors) (2015) Security Testing: A Survey. In: Memon, A., (ed.) Advances in Computers, Volume 101. Elsevier, Cambridge, MA, USA, pp. 1-51. ISBN 9780128051580
Abstract
Identifying vulnerabilities and ensuring security functionality by security testing is a widely applied measure to evaluate and improve the security of software. Due to the openness of modern software-based systems, applying appropriate security testing techniques is of growing importance and essential to perform effective and efficient security testing. Therefore, an overview of actual security testing techniques is of high value both for researchers to evaluate and refine the techniques and for practitioners to apply and disseminate them. This chapter fulfills this need and provides an overview of recent security testing techniques. For this purpose, it first summarizes the required background of testing and security engineering. Then, basics and recent developments of security testing techniques applied during the secure software development lifecycle, i.e., model-based security testing, code-based testing and static analysis, penetration testing and dynamic analysis, as well as security regression testing, are discussed. Finally, the security testing techniques are illustrated by adopting them for an example three-tiered web-based business application.
Metadata
Item Type: | Book Section |
---|---|
Authors/Creators: |
|
Editors: |
|
Copyright, Publisher and Additional Information: | © 2016 Elsevier. This is an author produced version of a paper subsequently published in 'Advances in Computers Vol.101'. Uploaded in accordance with the publisher's self-archiving policy. Article available under the terms of the CC-BY-NC-ND licence (https://creativecommons.org/licenses/by-nc-nd/4.0/) |
Keywords: | Security testing; Security testing techniques; Model-based security testing; White-box security testing; Black-box security testing; Penetration testing; Security regression testing; Security engineering; Software testing; Survey |
Dates: |
|
Institution: | The University of Sheffield |
Academic Units: | The University of Sheffield > Faculty of Engineering (Sheffield) > Department of Computer Science (Sheffield) |
Depositing User: | Symplectic Sheffield |
Date Deposited: | 09 Mar 2016 14:26 |
Last Modified: | 07 Jan 2017 16:16 |
Published Version: | http://dx.doi.org/10.1016/bs.adcom.2015.11.003 |
Status: | Published |
Publisher: | Elsevier |
Refereed: | Yes |
Identification Number: | 10.1016/bs.adcom.2015.11.003 |
Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:95628 |