427,024 research outputs found

    Security Testing: A Survey

    Identifying vulnerabilities and ensuring security functionality by security testing is a widely applied measure to evaluate and improve the security of software. Due to the openness of modern software-based systems, applying appropriate security testing techniques is of growing importance and essential to perform effective and efficient security testing. Therefore, an overview of actual security testing techniques is of high value both for researchers to evaluate and refine the techniques and for practitioners to apply and disseminate them. This chapter fulfills this need and provides an overview of recent security testing techniques. For this purpose, it first summarizes the required background of testing and security engineering. Then, basics and recent developments of security testing techniques applied during the secure software development lifecycle, i.e., model-based security testing, code-based testing and static analysis, penetration testing and dynamic analysis, as well as security regression testing are discussed. Finally, the security testing techniques are illustrated by adopting them for an example three-tiered web-based business application.

    Model-Based Security Testing

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques have been available for many years, there have been few approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS. Comment: In Proceedings MBT 2012, arXiv:1202.582

    Automation vulnerability disclosure using concolic testing and machine learning

    Security testing is an important stage of the software development life cycle. However, security testing requires considerable time from highly skilled security experts. The aim of the article is to describe techniques for reducing the number of false positives and false negatives in the automation vulnerability disclosure process. This paper is about an approach for software vulnerabilities discovery using concolic testing and machine learning techniques. Machine learning techniques are used to reduce the number of execution paths during concolic testing. This approach can be used to automate security testing. In this paper, security test cases and traces of previous versions of software and similar software are used as the training dataset for our models. This scheme of automation vulnerability disclosure will be used to build an automation security testing system of software.

    Software Testing for cyber Security

    Software testing plays a vital role in software security because hackers attack a system through back channels, which they can easily find if any error or bug exists in the software. A software security failure can cause unbearable loss for IT companies and other organizations. Cyber security is another big issue for computer users' personal data, as all their information is vulnerable because of easy access, visibility and availability. Therefore, software testing is also useful to secure personal information. In this article, cyber security testing based on particle swarm optimization algorithm (CST) is proposed for testing of software cyber security. CSTPSOA is a PSO-based technique which is used to solve complex multi-level problems and is also used for optimization. In the CST method, PSO is used for the optimization of test cases for cyber security testing.

    Analysis of Different Software Security Testing Techniques, Benefits, Challenges and Life Cycle

    Security testing is the software testing technique which makes sure that the system or application software which is developed is free from security threats and cannot be hacked by the hacker. Once an application or software is developed, and once the final product is tested for all its functions, components, etc., it is also important to test for its privacy and security. If the system is not secure enough, then it can easily be attacked and hacked, and all the sensitive data and information will be exploited by the hacker and used in their favour. There is a variety of security testing which will be discussed in this paper. Security testing has a few requirements, like testing the integrity, confidentiality, authorisation, availability, etc. The security elements of the system depend upon the security features being implemented in the system, so the testing process will also be different for each system. The various techniques and approaches can be explained by security taxonomy. The paper will discuss elements of security testing, methodologies, pros and cons of security testing, etc.

    Adapting software testing techniques to enhance software security

    Bos, H.J. [Promotor] Giuffrida, C. [Copromotor]