CFP last date
20 January 2025
Reseach Article

A Categorized Review on Software Security Testing

by Neha Mahendra, Suhel Ahmad Khan
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 154 - Number 1
Year of Publication: 2016
Authors: Neha Mahendra, Suhel Ahmad Khan
10.5120/ijca2016912023

Neha Mahendra, Suhel Ahmad Khan . A Categorized Review on Software Security Testing. International Journal of Computer Applications. 154, 1 ( Nov 2016), 21-25. DOI=10.5120/ijca2016912023

@article{ 10.5120/ijca2016912023,
author = { Neha Mahendra, Suhel Ahmad Khan },
title = { A Categorized Review on Software Security Testing },
journal = { International Journal of Computer Applications },
issue_date = { Nov 2016 },
volume = { 154 },
number = { 1 },
month = { Nov },
year = { 2016 },
issn = { 0975-8887 },
pages = { 21-25 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume154/number1/26456-2016912023/ },
doi = { 10.5120/ijca2016912023 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:59:04.204128+05:30
%A Neha Mahendra
%A Suhel Ahmad Khan
%T A Categorized Review on Software Security Testing
%J International Journal of Computer Applications
%@ 0975-8887
%V 154
%N 1
%P 21-25
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The main objective of security testing is to check the weaknesses of the implemented security mechanism. It is done for finding the vulnerabilities of a system and to determine whether the system is protected from intruders or not. Security testing can be done prior to production or after the production of the system. But, if the security testing is done after the production, then cost will be more and the huge amount of rework will be required to remove the problems. Also the time between the vulnerability is get known and the malicious attack against it, is becoming less. Therefore it is required to include the security testing in the early phases of software development life cycle. The present paper deals with the review of software security testing approaches and techniques proposed so far. The review is presented in a categorized way and tabulated for the last one and half decade (2000-2015).

References
  1. Sattarova Feruza Y. and Prof.Tao-hoon Kim, “IT Security Review: Privacy, Protection, Access Control, Assurance and System Security” International Journal of Multimedia and Ubiquitous Engineering, Vol. 2, No. 2, April, 2007.
  2. Https://Www.Owasp.Org/Index.Php/Testing_Guide_Introduction, last accessed: 23 August 2016.
  3. Michael Howard and Steve Lipner. The Security Development Lifecycle: SDL, a Process for Developing Demonstrably More Secure Software. Microsoft Press, 2006.
  4. S. Lipner, "The trustworthy computing security development lifecycle," Computer Security Applications Conference, 2004. 20th Annual, 2004, pp. 2-13.
  5. Chris Wysopal, Luke Nelson, Elfriede Dustin, Lucas Nelson, and Dino Dai Zovi. The Art of Software Security Testing. Addison-Wesley, 2006.
  6. Bruce Potter, Gary Mcgraw, “Software Security Testing”, IEEE Computer Society, October 2004
  7. Stig F. Mjolsnes, “A Multidisciplinary Introduction to Information Security”, CRC press, 2012.
  8. K. Jiwnani and M. Zelkowitz, "Maintaining software with a security perspective," Software Maintenance, 2002. Proceedings. International Conference on, 2002, pp. 194-203.
  9. J. A. Wang, "Security testing in software engineering courses," Frontiers in Education, 2004. FIE 2004. 34th Annual, 2004, pp. F1C-13-18 Vol. 2.
  10. K. Karppinen, R. Savola, M. Rapeli and E. Tikkala, "Security Objectives within a Security Testing Case Study," Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on, Vienna, 2007, pp. 1060-1065.
  11. I. A. Tondel, M. G. Jaatun and J. Jensen, "Learning from Software Security Testing," Software Testing Verification and Validation Workshop, 2008. ICSTW '08. IEEE International Conference on, Lillehammer, 2008, pp. 286-294.
  12. R. Hassan, M. Eltoweissy, S. Bohner and S. El-Kassas, "Formal analysis and design for engineering security automated derivation of formal software security specifications from goal-oriented security requirements," in IET Software, vol. 4, no. 2, pp. 149-160, April 2010.
  13. C. Rudolph and A. Fuchs, "Redefining Security Engineering," 2012 5th International Conference on New Technologies, Mobility and Security (NTMS), Istanbul, 2012, pp. 1-6.
  14. S.A.Khan and R.A.Khan, ”software security testing process: phase approach” In: A.Agarwal etal (Eds): IITM 2013. CCIS 276. pp. 2011-2017, 2013 c Springar-verlag Berlin Heidelbarg 2013.
  15. Suhel Ahmad Khan, Raees Ahmad Khan,” ,”software security testing process”, UACEE International Journal of Advances in Computer Science and its Applications – IJCSIA Volume 3 : Issue 2 [ISSN 2250 – 3765], June 2013.
  16. D. Byers and N. Shahmehri, "Design of a Process for Software Security," Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on, Vienna, 2007, pp. 301-309.
  17. Zhanwei Hui, Song Huang, Bin Hu and Yi Yao, "Software security testing based on typical SSD: A case study," 2010 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE), Chengdu, 2010, pp. V2-312-V2-316.
  18. S. J. Lincke, T. H. Knautz and M. D. Lowery, "Designing System Security with UML Misuse Deployment Diagrams," Software Security and Reliability Companion (SERE-C), 2012 IEEE Sixth International Conference on, Gaithersburg, MD, 2012, pp. 57-61.
  19. T. Kobashi, N. Yoshioka, T. Okubo, H. Kaiya, H. Washizaki and Y. Fukazawa, "Validating Security Design Patterns Application Using Model Testing," Availability, Reliability and Security (ARES), 2013 Eighth International Conference on, Regensburg, 2013, pp. 62-71.
  20. Andrea Avancini , Mariano Ceccato, “Towards security testing with taint analysis and genetic algorithms” Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems, Pages 65-71, ACM New York, NY, USA ©2010, ISBN: 978-1-60558-965-7 doi>10.1145/1809100.1809110.
  21. B. Smith, "Systematizing security test case planning using functional requirements phrases," 2011 33rd International Conference on Software Engineering (ICSE), Honolulu, HI, 2011, pp. 1136-1137.
  22. A. Rein, C. Rudolph, J. F. Ruiz and M. Arjona, "Introducing Security Building Block Models," BioMedical Computing (BioMedCom), 2012 ASE/IEEE International Conference on, Washington, DC, 2012, pp. 132-139.
  23. J. Bozic and F. Wotawa, "Security Testing Based on Attack Patterns," Software Testing, Verification and Validation Workshops (ICSTW), 2014 IEEE Seventh International Conference on, Cleveland, OH, 2014, pp. 4-11.
  24. L. b. Othmane, P. Angin and B. Bhargava, "Using Assurance Cases to Develop Iteratively Security Features Using Scrum," Availability, Reliability and Security (ARES), 2014 Ninth International Conference on, Fribourg, 2014, pp. 490-497.
  25. Gu Tian-yang, Shi Yin-sheng, and Fang You-yuan , “Research on Software Security Testing”, World Academy of Science, Engineering and Technology 69 2010.
  26. Smriti Jain, Maya Ingle, “A Review of Security Metrics in Software Development Process”, (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 2 (6), 2011, 2627-2631, ISSN: 0975-9646.
  27. Hossian Shahriar, Mohammad Zulkernine, “Mitigating program security vulnerabilities: Approaches and challenges”, ACM Computing Surveys (CSUR), Volume 44 Issue 3, June 2012 Article No. 11, ACM New York, NY, USA, ISSN: 0360-0300 EISSN: 1557-7341.
Index Terms

Computer Science
Information Sciences

Keywords

Security testing software development life cycle SDLC phase