Developing Secure Software: A Holistic Approach to Security Testing

By Ruediger Bachmann and Achim D. Brucker.

Security vulnerabilities are a serious threat to software vendors and their customers: they can result in both monetary loss as well as loss of reputation. Thus, implementing a rigid secure software development lifecycle is a competitive advantage for a software vendor.

A holistic security testing approach must cover the whole software development lifecycle across all software products and all security threats. In this article, we discuss a holistic security testing approach that was developed at SAP, a large vendor of enterprise software.

Keywords:
Security Testing, Static Code Analysis, Threat Modelling, Secure Software Development Life-Cycle

Please cite this work as follows:
R. Bachmann and A. D. Brucker, “Developing secure software: A holistic approach to security testing,” Datenschutz und Datensicherheit (DuD), vol. 38, no. 4, pp. 257–261, Apr. 2014, doi: 10.1007/s11623-014-0102-0. Author copy: https://logicalhacking.com/publications/bachmann.ea-security-testing-2014/

BibTeX
@Article{ bachmann.ea:security-testing:2014,
  author   = {Ruediger Bachmann and Achim D. Brucker},
  title    = {Developing Secure Software: A Holistic Approach to Security
              Testing},
  journal  = {Datenschutz und Datensicherheit (DuD)},
  month    = {apr},
  volume   = {38},
  number   = {4},
  doi      = {10.1007/s11623-014-0102-0},
  pages    = {257--261},
  year     = {2014},
  keywords = {Security Testing, Static Code Analysis, Threat Modelling,
              Secure Software Development Life-Cycle},
  abstract = {Security vulnerabilities are a serious threat to software
              vendors and their customers: they can result in both monetary
              loss as well as loss of reputation. Thus, implementing a rigid
              secure software development lifecycle is a competitive
              advantage for a software vendor.
              
              A holistic security testing approach must cover the whole
              software development lifecycle across all software products
              and all security threats. In this article, we discuss a
              holistic security testing approach that was developed at SAP,
              a large vendor of enterprise software.},
  areas    = {security, software},
  note     = {Author copy: \url{https://logicalhacking.com/publications/bachmann.ea-security-testing-2014/}},
  pdf      = {https://logicalhacking.com/publications/bachmann.ea-security-testing-2014/bachmann.ea-security-testing-2014.pdf},
}