
Towards Incorporation of Software Security Testing Framework in Software Development

  • Conference paper
Software Engineering and Computer Systems (ICSECS 2011)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 179)

Abstract

The aim of this paper is to provide secure software using a security testing approach. The researchers reviewed and analyzed software testing frameworks and software security testing frameworks in order to incorporate the two efficiently. They then proposed fully utilizing the acceptance testing phase of the software testing framework by incorporating it into the software security testing framework. This incorporation improves the security attributes needed during the requirement stage of the software development process. The advantage of acceptance testing is that it exposes the system to real-world conditions, including vulnerabilities, risks, impacts and intruders, which provides a varied set of security attributes for the requirement stage. This finding is recommended as a baseline for formulating test patterns to achieve effective test prioritization.




© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hassan, N.H., Selamat, S.R., Sahib, S., Hussin, B. (2011). Towards Incorporation of Software Security Testing Framework in Software Development. In: Mohamad Zain, J., Wan Mohd, W.M.b., El-Qawasmeh, E. (eds) Software Engineering and Computer Systems. ICSECS 2011. Communications in Computer and Information Science, vol 179. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22170-5_2


  • DOI: https://doi.org/10.1007/978-3-642-22170-5_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22169-9

  • Online ISBN: 978-3-642-22170-5
