• DocumentCode
    1127977
  • Title
    Software security testing
  • Author
    Potter, Ben ; McGraw, Gary
  • Author_Institution
    Booz, Allen & Hamilton Inc., USA
  • Volume
    2
  • Issue
    5
  • fYear
    2004
  • Firstpage
    81
  • Lastpage
    85
  • Abstract
    Testing software security is a commonly misunderstood task. Done properly, it goes deeper than simple black-box probing on the presentation layer (the sort performed by so-called application security tools), and even beyond the functional testing of security apparatus. Testers must use risk-based approaches, grounded in both the system's architectural reality and the attacker's mindset, to gauge software security adequately. By identifying risks in the system and creating tests driven by those risks, a software security tester can properly focus on areas of code in which an attack is likely to succeed. This approach provides a higher level of software security assurance than is possible with classical black-box testing.
  • Keywords
    program testing; risk analysis; security of data; attacker mindset; risk-based approaches; software security testing; system architecture; Computer errors; Computer security; Data security; Performance evaluation; Risk analysis; Risk management; Software performance; Software testing; System testing; Timing; black-box testing; software development cycle;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type
    jour
  • DOI
    10.1109/MSP.2004.84
  • Filename
    1341418