A systematic classification of security regression testing approaches

Felderer, Michael; Fourneret, Elizabeta

doi:10.1007/s10009-015-0365-2

Cited by 35 publications

(23 citation statements)

References 59 publications

(77 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Risk assessment can be used to develop risk-based testing approaches [14], which can guide decisions during testing, and for instance help to select and prioritize security regression tests [13]. Baca et al [3] shows that using a risk analysis approach, it s possible to find more severe risks, besides, more advanced skills and a deeper awareness of the problems become available.…”

Section: Recommendations For Researchmentioning

confidence: 99%

How is Security Testing Done in Agile Teams? A Cross-Case Analysis of Four Software Teams

Cruzes

Felderer

Oyetoyan

et al. 2017

Lecture Notes in Business Information Processing

Self Cite

View full text Add to dashboard Cite

Abstract. Security testing can broadly be described as (1) the testing of security requirements that concerns confidentiality, integrity, availability, authentication, authorization, nonrepudiation and (2) the testing of the software to validate how much it can withstand an attack. Agile testing involves immediately integrating changes into the main system, continuously testing all changes and updating test cases to be able to run a regression test at any time to verify that changes have not broken existing functionality. Software companies have a challenge to systematically apply security testing in their processes nowadays. There is a lack of guidelines in practice as well as empirical studies in real-world projects on agile security testing; industry in general needs a more systematic approach to security. The findings of this research are not surprising, but at the same time are alarming. The lack of knowledge on security by agile teams in general, the large dependency on incidental pen-testers, and the ignorance in static testing for security are indicators that security testing is highly under addressed and that more efforts should be addressed to security testing in agile teams.

show abstract

Section: Recommendations For Researchmentioning

confidence: 99%

How is Security Testing Done in Agile Teams? A Cross-Case Analysis of Four Software Teams

Cruzes

Felderer

Oyetoyan

et al. 2017

Lecture Notes in Business Information Processing

Self Cite

View full text Add to dashboard Cite

show abstract

“…This makes it especially challenging to keep software systems permanently secure as changes either in the system itself or in its environment may cause new threats and vulnerabilities [37]. A combination of regression and security testing called security regression testing, which ensures that changes made to a system do not harm its security, are therefore of high significance and the interest in such approaches has steadily increased [36]. Regression testing techniques ensure that changes made to existing software do not cause unintended effects on unchanged parts and changed parts of the software behave as intended [82].…”

Section: Security Regression Testingmentioning

confidence: 99%

“…As for classical regression testing [139], also for security regression testing most approaches fall into this category [36]. These approaches test both, security mechanisms and vulnerabilities.…”

Section: Test Case Selectionmentioning

confidence: 99%

See 1 more Smart Citation

Security Testing

Felderer

Büchler

Johns

et al. 2016

Advances in Computers

Self Cite

121

View full text Add to dashboard Cite

ReuseThis article is distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivs (CC BY-NC-ND) licence. This licence only allows you to download this work and share it with others as long as you credit the authors, but you can't change the article in any way or use it commercially. More information and the full terms of the licence here: https://creativecommons.org/licenses/ Takedown If you consider content in White Rose Research Online to be in breach of UK law, please notify us by emailing eprints@whiterose.ac.uk including the URL of the record and the reason for the withdrawal request. Identifying vulnerabilities and ensuring security functionality by security testing is a widely applied measure to evaluate and improve the security of software. Due to the openness of modern software-based systems, applying appropriate security testing techniques is of growing importance and essential to perform effective and efficient security testing. Therefore, an overview of actual security testing techniques is of high value both for researchers to evaluate and refine the techniques and for practitioners to apply and disseminate them. This chapter fulfills this need and provides an overview of recent security testing techniques. For this purpose, it first summarize the required background of testing and security engineering. Then, basics and recent developments of security testing techniques applied during the secure software development lifecycle, i.e., model-based security testing, code-based testing and static analysis, penetration testing and dynamic analysis, as well as security regression testing are discussed. Finally, the security testing techniques are illustrated by adopting them for an example three-tiered web-based business application.

show abstract

“…This technique ensure that changes made to a system do not harm its security, are therefore of high significance and the interest in such approaches has steadily increased [48]. The changes may be due to new business needs, new regulations, and new technologies.…”

Section: Can Not Directly Read Http Packets I S S Nmentioning

confidence: 99%

A Survey on Design Methods for Secure Software Development

Surakhi

Hudaib

Alshraideh

et al. 2017

IJCT

View full text Add to dashboard Cite

I S S N 2 2 7 7 -3061 V o l u m e 1 6 N u m b e r 7 I n t e r n a t i o n a l j o u r n a l o f C o m p u t e r s a n d T e c h n o l o g y 7047 AbstractSoftware provide services that may come with some vulnerabilities or risks. Attackers perform actions that break security of system through threats and cause a failure. To avoid security vulnerability, there are many security-specific concepts that should be determined as requirements during software development life cycle in order to deliver a strong and secure software. This paper first, survey a number of existing processes, life cycle and methodologies needed for developing secure software based on the related published works. It starts by presenting the most relevant Secure Software Development Lifecycles, a comparison between the main security features for each process is proposed. The results of the comparison will give the software developer with a guideline which will help on selecting the best secure process. Second, the paper list a set of the most widely used specification languages with the advantages and disadvantages for each.

show abstract

A systematic classification of security regression testing approaches

Cited by 35 publications

References 59 publications

How is Security Testing Done in Agile Teams? A Cross-Case Analysis of Four Software Teams

How is Security Testing Done in Agile Teams? A Cross-Case Analysis of Four Software Teams

Security Testing

A Survey on Design Methods for Secure Software Development

Contact Info

Product

Resources

About