DocumentCode :
2165356
Title :
Learning from Software Security Testing
Author :
Tondel, Inger Anne ; Jaatun, Martin Gilje ; Jensen, Jostein
Author_Institution :
Dept. of Software Eng., Safety & Security, SINTEF Inf. & Commun. Technol., Trondheim
fYear :
2008
fDate :
9-11 April 2008
Firstpage :
286
Lastpage :
294
Abstract :
Software security testing tools and methodologies are presently abundant, and the question no longer seems to be "if to test" for security, but rather "where and when to test" and "then what?". In this paper we present a review of security testing literature, and propose a software security testing scheme that exploits an intra-organisational repository of discovered vulnerabilities that closes the loop after the testing of one application is complete, providing useful input to the next application to be tested.
Keywords :
program testing; security of data; intra-organisational repository; software products; software security testing; Application software; Communications technology; Information security; Internet; Programming; Quality assurance; Software performance; Software safety; Software testing; Software tools;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Software Testing Verification and Validation Workshop, 2008. ICSTW '08. IEEE International Conference on
Conference_Location :
Lillehammer
Print_ISBN :
978-0-7695-3388-9
Type :
conf
DOI :
10.1109/ICSTW.2008.25
Filename :
4567022