Software Security Testing Process: Phased Approach

  • Suhel Ahmad Khan
  • Raees Ahmad Khan
Part of the Communications in Computer and Information Science book series (CCIS, volume 276)


Early identification of defects and prevention of defect migration are key goals of the software security testing process. Integrating security testing activities early into the development lifecycle leads to secure software development. The prescribed key activities of security testing are closely interconnected with the security development life cycle to deliver secure software. The software test process elaborates the various testing activities and describes which activity is to be carried out when. Given the need for and significance of a phased approach to security testing, this paper proposes different testing activities to be carried out while integrating security testing within the security development life cycle.


  • Software Security Testing
  • Security Test Life Cycle
  • Security Test Cases





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Suhel Ahmad Khan (1)
  • Raees Ahmad Khan (1)
  1. Department of Information Technology, Babasaheb Bhimrao Ambedkar University (A Central University), Lucknow, India
