Security Testing: Myths, Challenges, and Opportunities
Achim D. Brucker
Security testing is an important part of any security development lifecycle (SDL) and, thus, should be a part of any software (development) lifecycle. Still, security testing is often understood as an activity done by security testers in the time between "end of development" and "offering the product to customers."
On the one hand, learning from traditional testing that the fixing of bugs is the more costly the later it is done in development, security testing should be integrated into the daily development activities. On the other hand, developing software for the cloud and offering software in the cloud raises the need for security testing in a "close-to-production" or even production environment. Consequently, we need an end-to-end integration of security testing into the software lifecycle.
In this talk, we will report on our experiences on integrating security testing "end-to-end" into SAP's software development lifecycle in general and, in particular, SAP's Secure Software Development Lifecycle (Stextsuperscript2DL). Moreover, we will discuss different myths, challenges, and opportunities in the are security testing.
Schlüsselwörter:
Kategorien:
Dokumente:
Bitte zitieren sie diesen Artikel wie folgt:
Achim D. Brucker.
Security Testing: Myths, Challenges, and Opportunities. Keynote: 6th international Workshop on Security Testing (SECTEST), 13. apr. 2015. Invited Keynote.
(Folien) (Handout) (BibTeX) (
)
| abstract | = | {Security testing is an important part of any security development lifecycle (SDL) and, thus, should be a part of any software (development) lifecycle. Still, security testing is often understood as an activity done by security testers in the time between ``end of development'' and ``offering the product to customers.''\\\\On the one hand, learning from traditional testing that the fixing of bugs is the more costly the later it is done in development, security testing should be integrated into the daily development activities. On the other hand, developing software for the cloud and offering software in the cloud raises the need for security testing in a ``close-to-production'' or even production environment. Consequently, we need an end-to-end integration of security testing into the software lifecycle.\\\\In this talk, we will report on our experiences on integrating security testing ``end-to-end'' into SAP's software development lifecycle in general and, in particular, SAP's Secure Software Development Lifecycle (S\textsuperscript{2}DL). Moreover, we will discuss different myths, challenges, and opportunities in the are security testing.}, | |
| author | = | {Achim D. Brucker}, | |
| day | = | {13}, | |
| event | = | {Keynote: 6th international Workshop on Security Testing (SECTEST)}, | |
| handout | = | {https://www.brucker.ch/bibliography/download/2015/talk-brucker-sectest-2015-2x2.pdf}, | |
| isodate | = | {2015-04-13}, | |
| lecturer | = | {Achim D. Brucker}, | |
| location | = | {Graz, Austria}, | |
| month | = | {apr}, | |
| note | = | {Invited Keynote.}, | |
| rlideshare_width | = | {425}, | |
| slides | = | {https://www.brucker.ch/bibliography/download/2015/talk-brucker-sectest-2015.pdf}, | |
| slideshare | = | {key/oeasYMZ6rCqEVp}, | |
| slideshare_height | = | {355}, | |
| title | = | {Security Testing: Myths, Challenges, and Opportunities}, | |
| url | = | {https://www.brucker.ch/bibliography/abstract/talk-brucker-sectest-2015}, | |
| year | = | {2015}, |