  • DocumentCode
    2165356
  • Title
    Learning from Software Security Testing
  • Author
    Tondel, Inger Anne ; Jaatun, Martin Gilje ; Jensen, Jostein
  • Author_Institution
    Dept. of Software Eng., Safety & Security, SINTEF Inf. & Commun. Technol., Trondheim
  • fYear
    2008
  • fDate
    9-11 April 2008
  • Firstpage
    286
  • Lastpage
    294
  • Abstract
    Software security testing tools and methodologies are presently abundant, and the question no longer seems to be "if to test" for security, but rather "where and when to test" and "then what?". In this paper we present a review of security testing literature, and propose a software security testing scheme that exploits an intra-organisational repository of discovered vulnerabilities that closes the loop after the testing of one application is complete, providing useful input to the next application to be tested.
  • Keywords
    program testing; security of data; intra-organisational repository; software products; software security testing; Application software; Communications technology; Information security; Internet; Programming; Quality assurance; Software performance; Software safety; Software testing; Software tools
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Testing Verification and Validation Workshop, 2008. ICSTW '08. IEEE International Conference on
  • Conference_Location
    Lillehammer
  • Print_ISBN
    978-0-7695-3388-9
  • Type
    conf
  • DOI
    10.1109/ICSTW.2008.25
  • Filename
    4567022