Search CORE

3 research outputs found

Security Testing: A Survey

Author: Abdelnur
Acker
Ammann
Anisetti
Appelt
Arkin
Ayewah
Bachmann
Banks
Bau
Bekrar
Bertolino
Bessey
Bjørner
Botella
Brubaker
Brucker
Brucker
Brucker
Bruno
Buehrer
Büchler
Chess
Chess
Committee on National Security Systems
Dahse
Dahse
Dias-Neto
Doupe
Duchene
d’Amore
Evans
Felderer
Felderer
Felderer
Felderer
Felderer
Foster
Foster
Fourneret
Fu
Gallaher
Garcia
Garvin
Gerrard
Godefroid
Godefroid
Grieskamp
Grossman
Grossmann
Halfond
Halfond
Haller
He
Herzog
Howard
Huang
Huang
Huang
Hubert
Hwang
IEEE
ISO/IEC
ISO/IEC
ISTQB
Jin
Jovanovic
Jovanovic
Kals
Kassab
Kieyzun
Klein
Kongsli
Lanzi
Lehman
Lekies
Leung
Livshits
Lund
Martin
Martin
Mazzone
McGraw
Miller
Minamide
Monate
Morell
Mouelhi
Nguyen-Tuong
NIST
Pietraszek
Pistoia
Potter
Potter
Pretschner
Pretschner
Qi
Rawat
Rogers
Saxena
Saxena
Scandariato
Scarfone
Schieferdecker
Schieferdecker
Schieferdecker
Schwartz
Shahriar
Su
Thompson
Tian-yang
Tripp
Tsankov
Tóth
Utting
Utting
Verdon
Vetterling
Viennot
Wall
Wang
Wassermann
Wassermann
Wendland
Woo
Xie
Yang
Yoo
Yu
Zander
Zech
Zech
Zhao
Zhu
Publication venue: 'Elsevier BV'
Publication date: 01/01/2015
Field of study

Identifying vulnerabilities and ensuring security functionality by security testing is a widely applied measure to evaluate and improve the security of software. Due to the openness of modern software-based systems, applying appropriate security testing techniques is of growing importance and essential to perform effective and efficient security testing. Therefore, an overview of actual security testing techniques is of high value both for researchers to evaluate and refine the techniques and for practitioners to apply and disseminate them. This chapter fulfills this need and provides an overview of recent security testing techniques. For this purpose, it first summarize the required background of testing and security engineering. Then, basics and recent developments of security testing techniques applied during the secure software development lifecycle, i.e., model-based security testing, code-based testing and static analysis, penetration testing and dynamic analysis, as well as security regression testing are discussed. Finally, the security testing techniques are illustrated by adopting them for an example three-tiered web-based business application

Crossref

White Rose Research Online

Coverage-based Test Cases Selection for XACML Policies

Author: Bertolino Antonia
Le Traon Yves
Lonetti Francesca
Marchetti Eda
Mouelhi Tejeddine
Publication venue
Publication date: 01/01/2014
Field of study

XACML is the de facto standard for implementing access control policies. Testing the correctness of policies is a critical task. The test of XACML policies involves running requests and checking manually the correct response. It is therefore important to reduce the manual test effort by automatically selecting the most important requests to be tested. This paper introduces the XACML smart coverage selection approach, based on a proposed XACML policy coverage criterion. The approach is evaluated using mutation analysis and is compared on the one side with a not-reduced test suite, on the other with random and greedy optimal test selection approaches. We performed the evaluation on a set of six real world policies. The results show that our selection approach can reach good mutation scores, while significantly reducing the number of tests to be run

Crossref

Open Repository and Bibliography - Luxembourg