Software security testing
- 8 October 2004
- journal article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Security & Privacy
- Vol. 2 (5), 81-85
- https://doi.org/10.1109/msp.2004.84
Abstract
Testing software security is a commonly misunderstood task. Done properly, it goes deeper than simple black-box probing on the presentation layer (the sort performed by so-called application security tools) - and even beyond the functional testing of security apparatus. Testers must use risk-based approaches, grounded in both the system's architectural reality and the attacker's mindset, to gauge software security adequately. By identifying risks in the system and creating tests driven by those risks, a software security tester can properly focus on areas of code in which an attack is likely to succeed. This approach provides a higher level of software security assurance than is possible with classical black-box testing.Keywords
This publication has 2 references indexed in Scilit:
- Risk analysis in software designIEEE Security & Privacy, 2004
- Software securityIEEE Security & Privacy, 2004