[ PDF |
DOI |
BibTeX |
EndNote |
RIS |
Word ]
Security Testing: A Survey
By Michael Felderer, Matthias Büchler, Martin Johns, Achim D. Brucker, Ruth Breu, and Alexander Pretschner.
Identifying vulnerabilities and ensuring security functionality by security testing is a widely applied measure to evaluate and improve the security of software. Due to the openness of modern software-based systems, applying appropriate security testing techniques is of growing importance and essential to perform effective and efficient security testing. Therefore, an overview of actual security testing techniques is of high value both for researchers to evaluate and refine the techniques and for practitioners to apply and disseminate them. This chapter fulfills this need and provides an overview of recent security testing techniques. For this purpose, it first summarize the required background of testing and security engineering. Then, basics and recent developments of security testing techniques applied during the secure software development lifecycle, i.e., model-based security testing, code-based testing and static analysis, penetration testing and dynamic analysis, as well as security regression testing are discussed. Finally, the security testing techniques are illustrated by adopting them for an example three-tiered web-based business application.
Please cite this work as follows: M. Felderer, M. Büchler, M. Johns, A. D. Brucker, R. Breu, and A. Pretschner, “Security testing: A survey,” Advances in Computers, vol. 101, pp. 1–51, Mar. 2016, doi: 10.1016/bs.adcom.2015.11.003. Author copy: https://logicalhacking.com/publications/felderer.ea-security-testing-2016/
BibTeX
@Article{ felderer.ea:security-testing:2016,
author = {Michael Felderer and Matthias B{\"u}chler and Martin Johns
and Achim D. Brucker and Ruth Breu and Alexander Pretschner},
language = {USenglish},
title = {Security Testing: A Survey},
areas = {software, security},
year = {2016},
journal = {Advances in Computers},
volume = {101},
month = {mar},
editor = {Ali Hurson and Atif Memon},
num_pages = {51},
pages = {1--51},
doi = {10.1016/bs.adcom.2015.11.003},
publisher = {Academic Press},
isbn = {978-0-12-805158-0},
abstract = {Identifying vulnerabilities and ensuring security
functionality by security testing is a widely applied measure
to evaluate and improve the security of software. Due to the
openness of modern software-based systems, applying
appropriate security testing techniques is of growing
importance and essential to perform effective and efficient
security testing. Therefore, an overview of actual security
testing techniques is of high value both for researchers to
evaluate and refine the techniques and for practitioners to
apply and disseminate them. This chapter fulfills this need
and provides an overview of recent security testing
techniques. For this purpose, it first summarize the required
background of testing and security engineering. Then, basics
and recent developments of security testing techniques applied
during the secure software development lifecycle, i.e.,
model-based security testing, code-based testing and static
analysis, penetration testing and dynamic analysis, as well as
security regression testing are discussed. Finally, the
security testing techniques are illustrated by adopting them
for an example three-tiered web-based business application.},
note = {Author copy: \url{https://logicalhacking.com/publications/felderer.ea-security-testing-2016/}},
pdf = {https://logicalhacking.com/publications/felderer.ea-security-testing-2016/felderer.ea-security-testing-2016.pdf},
}