Towards Incorporation of Software Security Testing Framework in Software Development

The aim of this paper is to provide secure software using security testing approach. The researchers have reviewed and analyzed the software testing frameworks and software security testing frameworks to efficiently incorporate both of them. Later, the researchers proposed to fully utilize the acceptance testing in software testing framework to achieve by incorporating it in software security testing framework. This incorporation is able to improve the security attribute needed during requirement stage of software development process. The advantage of acceptance test is to expose the system of the real situation, including vulnerability, risk, impacts and the intruders which provide a various set of security attribute to the requirement stage. This finding is recommended to establish a baseline in formulating the test pattern to achieve effective test priority

Model Based Security Testing for Autonomous Vehicles

The purpose of this dissertation is to introduce a novel approach to generate a security test suite to mitigate malicious attacks on an autonomous system. Our method uses model based testing (MBT) methods to model system behavior, attacks and mitigations as independent threads in an execution stream. The threads intersect at a rendezvous or attack point. We build a security test suite from a behavioral model, an attack type and a mitigation model using communicating extended finite state machine (CEFSM) models. We also define an applicability matrix to determine which attacks are possible with which states. Our method then builds a comprehensive test suite using edge-node coverage that allows for systematic testing of an autonomous vehicle

Learning From Software Security Testing

Software security testing tools and methodologies are presently abundant, and the question no longer seems to be ``if to test'' for security, but rather ``where and when to test'' and ``then what?''. In this paper we present a review of security testing literature, and propose a software security testing scheme that exploits an intra-organisational repository of discovered vulnerabilities that closes the loop after the testing of one application is complete, providing useful input to the next application to be tested.Learning From Software Security Testin

Learning From Software Security Testing

Software security testing tools and methodologies are presently abundant, and the question no longer seems to be ``if to test'' for security, but rather ``where and when to test'' and ``then what?''. In this paper we present a review of security testing literature, and propose a software security testing scheme that exploits an intra-organisational repository of discovered vulnerabilities that closes the loop after the testing of one application is complete, providing useful input to the next application to be tested