Steps Towards Fuzz Testing in Agile Test Automation

Pietikäinen, Pekka; Kettunen, Atte; Röning, Juha

doi:10.4018/ijsse.2016010103

Cited by 2 publications

(2 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While there exists a series of suggested methods how to conduct security engineering activities in an agile project (see e.g. Alnatheer, Gravel & Argles, 2010;Baca & Carlsson, 2011;Beznosov & Kruchten, 2004;Fitzgerald, Stol & Sullivan, 2013;Ge, Paige, Polack & Brooke, 2007;Pietikäinen & Röning, 2014;, the empiric evidence is still largely anecdotal and the cases reported specific to an industry or a single company. The study reported in this paper is exploratory, and thus the research, by its nature, explorative.…”

Section: Introductionmentioning

confidence: 99%

Case Study of Agile Security Engineering

Rindell

Hyrynsalmi

Leppänen

2017

International Journal of Secure Software Engineering

View full text Add to dashboard Cite

Security concerns are increasingly guiding both the design and processes of software-intensive product development. In certain environments, the development of the product requires special security arrangements for development processes, product release, maintenance and hosting, and specific security-oriented processes and governance. Integrating the security engineering processes into agile development methods can have the effect of mitigating the agile methods' intended benefits. This article describes a case of a large ICT service provider building a secure identity management system for a sizable government agency. The project was a subject to strict security regulations due to the end product's critical role. The project was a multi-team, multi-site, standard-regulated security engineering and development work executed following the Scrum framework. The study reports the difficulties in combining security engineering with agile development, provides propositions to enhance Scrum for security engineering activities. Also, an evaluation of the effects of the security work on project cost presented.

show abstract

Section: Introductionmentioning

confidence: 99%

Case Study of Agile Security Engineering

Rindell

Hyrynsalmi

Leppänen

2017

International Journal of Secure Software Engineering

View full text Add to dashboard Cite

show abstract

“…A fuzz approach to security testing was presented by Pietikäinen et al The authors emphasised the challenges, experiences, and practical ways of utilizing fuzzing in soft-ware development, focussing on software security aspects [6].…”

Section: Introductionmentioning

confidence: 99%

A Six Sigma Security Software Quality Management

Bubevski¹

2016

JCC

View full text Add to dashboard Cite

Today, the demand for security software is Six Sigma quality, i.e. practically zerodefects. A practical and stochastic method is proposed for a Six Sigma security software quality management. Monte Carlo Simulation is used in a Six Sigma DMAIC (Define, Measure, Analyze, Improve, Control) approach to security software testing. This elaboration used a published real project's data from the final product testing lasted for 15 weeks, after which the product was delivered. The experiment utilised the first 12 weeks' data to allow the results verification on the actual data from the last three weeks. A hypothetical testing project was applied, supposed to be completed in 15 weeks. The product due-date was Week 16 with zero-defects quality assurance aim. The testing project was analysed at the end of the 12 th week with three weeks of testing remaining. Running a Monte Carlo Simulation with data from the first 12 weeks produced results which indicated that the product would not be able to meet its due-date with the desired zero-defects quality. To quantify an improvement, another simulation was run to find when zero-defects would be achieved. Simulation predicted that zero-defects would be achieved in week 35 with 56% probability, and there would be 82 defects from Weeks 16-35. Therefore, to meet the quality goals, either more resources should be allocated to the project, or the deadline for the project should be moved to Week 36. The paper concluded that utilising Monte Carlo Simulations in a Six Sigma DMAIC structured framework is better than conventional approaches using static analysis methods. When the simulation results were compared to the actual data, it was found to be accurate within −3.5% to +1.3%. This approach helps to improve software quality and achieve the zero-defects quality assurance goal, while assigning quality confidence levels to scheduled product releases.

show abstract

Steps Towards Fuzz Testing in Agile Test Automation

Cited by 2 publications

References 18 publications

Case Study of Agile Security Engineering

Case Study of Agile Security Engineering

A Six Sigma Security Software Quality Management

Contact Info

Product

Resources

About