Research on Software Security Testing

Software security testing is an important means of ensuring software security and trustworthiness. This paper first discusses the definition and classification of software security testing and broadly surveys software security testing methods and tools. It then analyzes and summarizes the advantages, disadvantages and scope of application of each method, and presents a taxonomy of security testing tools. Finally, the paper points out the future focus and development directions of software security testing technology.
