Authors: Gu Tian-yang, Shi Yin-sheng, Fang You-yuan

Abstract:

Software security testing is an important means to ensure software security and trustiness. This paper first mainly discusses the definition and classification of software security testing, and investigates methods and tools of software security testing widely. Then it analyzes and concludes the advantages and disadvantages of various methods and the scope of application, presents a taxonomy of security testing tools. Finally, the paper points out future focus and development directions of software security testing technology.

Keywords: security testing, security functional testing, securityvulnerability testing, testing method, testing tool

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1081389

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 5062

References:

[1] Gary McGraw, Bruce Potter. "Software Security Testing"(J). IEEE Security & Privacy, 2004, 2(5):81-85.
[2] David P. Gilliam, John D. Powell, Matt Bishop. "Application of Lightweight Formal Methods to Software Security"(C). In proc. 14th IEEE International Workshops on Enabling Technologies (WETICE 2005), 13-15 June 2005, Linköping, Sweden.pp.160-165.
[3] Yan Jiong, etc. "Survey of Model-Based Software Testing" Computer Science, 2004.31(2)
[4] Ramaswamy Chandramouli, Mark Blackburn. "Automated Testing of Security Functions Using a Combined Model and Interface-Driven Approach"(C). In proc. 37th Hawaii International Conference on System Sciences (HICSS-37 2004), 5-8 January 2004, Big Island, HI, USA.
[5] Du Wenliang , Mathur A P. "Vulnerability Testing of Software System Using Fault Injection"(R). Coast TR 98-02, 1998.
[6] Du Wenliang, Aditya P. Mathur. "Testing for Software Vulnerability Using Environment Perturbation"(C). In proc. DSN 2000.pp.603-612.
[7] George Fink, Matt Bishop. "Property Based Testing: A New Approach to Testing for Assurance"(J). ACM SIGSOFT Software Engineering Notes, 1997, 22(4):74´¢×80.
[8] Xia Yi-min, etc. "Security Vulnerability Detection Study Based on Static Analysis". Computer Science, 2006.33(10).
[9] Ben Breech, Lori Pollock. "A Framework for Testing Security Mechanisms for Program-Based Attacks"(J). ACM SIGSOFT Software Engineering Notes, 2005, 30(4).
[10] Lieven Desmet, Bart Jacobs, Frank Piessens, Wouter Joosen. "Threat modeling for web services based web applications"(C). In proc. Eighth IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS 2004), September 2004, UK.pp.161-174.
[11] Brad Arkin, Scott Stender, Gary McGraw: "Software Penetration Testing"(J). IEEE Security & Privacy ´╝î2005´╝î3(1): 84-87.
[12] Shi Yin-sheng, Deng Shi-wei, Gu Tian-yang, "Software security testing methods and tools", Computer Engineering and Design, January 2008,Vol.29,pp.27-30