Exploiting Software: How to Break Code.
Risk Analysis in Software Design. IEEE Security and Privacy.
Building More Secure Software with Improved Development Processes. IEEE Security and Privacy.
Knowledge for Software Security. IEEE Security and Privacy.
Security Meter: A Practical Decision-Tree Model to Quantify Risk. IEEE Security and Privacy.
Adopting a Software Security Improvement Program. IEEE Security and Privacy.
Investigation of IS professionals' intention to practise secure development of applications. International Journal of Human-Computer Studies.
A Threat Model Driven Approach for Security Testing. SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems.
A Common Sense Way to Make the Business Case for Software Assurance. The EDP Audit, Control, and Security Newsletter.
Secure Software Engineering: Learning from the Past to Address Future Challenges. Information Security Journal: A Global Perspective.
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems.
Security testing: mind the knowledge gap. ACM SIGCSE Bulletin.
Towards Model-Based Automatic Testing of Attack Scenarios. SAFECOMP '09 Proceedings of the 28th International Conference on Computer Safety, Reliability, and Security.
Proceedings of the second annual workshop on Security and privacy in medical and home-care systems.
An integrated application of security testing methodologies to e-voting systems. ePart'10 Proceedings of the 2nd IFIP WG 8.5 international conference on Electronic participation.
Introducing mitigation use cases to enhance the scope of test cases. IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security.
Review of software security defects taxonomy. RSKT'10 Proceedings of the 5th international conference on Rough set and knowledge technology.
Security mutation testing of the FileZilla FTP server. Proceedings of the 2011 ACM Symposium on Applied Computing.
Building components with embedded security monitors. Proceedings of the joint ACM SIGSOFT conference (QoSA) and ACM SIGSOFT symposium (ISARCS) on Quality of software architectures and architecting critical systems.
Exploring the relationship between web application development tools and security. WebApps'11 Proceedings of the 2nd USENIX conference on Web application development.
Mitigating program security vulnerabilities: Approaches and challenges. ACM Computing Surveys (CSUR).
Security testing has recently moved beyond the realm of network port scanning to include probing software's behavior as a critical aspect of system behavior. Unfortunately, testing software security is a commonly misunderstood task. Security testing done properly goes deeper than simple black-box probing on the presentation layer (the sort performed by so-called application security tools), and even beyond the functional testing of security mechanisms. Testers must use a risk-based approach, grounded in both the system's architectural reality and the attacker's mindset, to adequately gauge software security. By identifying risks in the system and creating tests driven by those risks, a software security tester can properly focus on those areas of code in which an attack would succeed. This approach provides a higher level of software security assurance than is possible with classical black-box testing.