Leveraging Risk Based Testing in Enterprise Systems Security Validation

Author

Murthy, K. Krishna ; Thakkar, Kalpesh R. ; Laxminarayan, Shirsh

fYear

2009

fDate

11-16 Oct. 2009

Firstpage

111

Lastpage

116

Abstract

As the security breaches continue to grow, and as project teams become larger and more distributed the cost of testing the security of the software systems will increase rapidly. Companies that take the time to test the security of their software systems before releasing it to production are at a disadvantage because of higher costs and potential late arrival to the market. On the other side of the fence additional financial incentives may come from customers demanding a certain level of security testing from a software supplier, before agreeing to sign a contract to purchase their products. This document discusses and provides information on proven risk based techniques for software security testing that provides the test coverage needed while maintaining the time to market under competitive cost pressures without compromising security.

Keywords

incentive schemes; program testing; security of data; enterprise systems security validation; financial incentives; leveraging risk based testing; software security testing; software supplier; software system security; Companies; Contracts; Costs; Information security; Production systems; Software maintenance; Software systems; Software testing; System testing; Time to market; Abuse Cases; Application Security; Risk Based Testing; Threat Modeling;

fLanguage

English

Publisher

ieee

Conference_Titel

Emerging Network Intelligence, 2009 First International Conference on

Conference_Location

Sliema

Print_ISBN

978-0-7695-3835-8

Electronic_ISBN

978-0-7695-3835-8

Type

conf

DOI

10.1109/EMERGING.2009.28

Filename

5369993