Webservice based vulnerability testing framework

Software security is no longer just a problem for software designers, developers and testers. Almost all the white-collar crimes are based on computer security. Many research papers are published on static code analysis, dynamic code analysis and software development design time security issues. This paper proposes a framework for testing security vulnerabilities based on publicly known security vulnerabilities database. After vulnerabilities are found in application, the security tester uses Penetration testing tools to test the security flow. The Vulnerability Orchestration framework gets the vulnerability priority from the VulnerabilityTracker webservice. The Webservice collects the vulnerability attacks from the security Vulnerabilities database and update test case priority signature in the web service. The framework runs the test cases based on VulnerabilityTracker web service as part of the build process and execute security test suites for every build. The security tester adds the new test cases whenever they find a new vulnerability.