• DocumentCode
    3514020
  • Title
    Towards a practical and effective security testing methodology
  • Author
    Prandini, Marco ; Ramilli, Marco
  • Author_Institution
    Dipt. di Elettron. Inf. e Sist., Univ. di Bologna, Bologna, Italy
  • fYear
    2010
  • fDate
    22-25 June 2010
  • Firstpage
    320
  • Lastpage
    325
  • Abstract
    Security testing is an important step in the lifetime of both newly-designed and existing systems. Different methodologies exist to guide testers to the selection, design, and implementation of the most appropriate testing procedures for various contexts. Typically, each methodology stems from the specific needs of a particular category of actors, and consequently is biased towards some aspect of peculiar interest to them. This work compares the most commonly adopted methodologies to point out their strengths and weaknesses, and, building on the results of the performed analysis, proposes a path towards the definition of an integrated approach, by defining the characteristics that a new methodology should exhibit in order to combine the best aspects of the existing ones.
  • Keywords
    Guidelines; Manuals; Planning; Security; TV; Testing; Writing; GNST; ISSAF; OEVT; OSSTMM; security testing;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Title
    Computers and Communications (ISCC), 2010 IEEE Symposium on
  • Conference_Location
    Riccione, Italy
  • ISSN
    1530-1346
  • Print_ISBN
    978-1-4244-7754-8
  • Type
    conf
  • DOI
    10.1109/ISCC.2010.5546813
  • Filename
    5546813