Learning From Software Security Testing
Chapter
Permanent link
http://hdl.handle.net/11250/2430203
Publication date
2008
Collections
- Publications from CRIStin - SINTEF AS [5583]
- SINTEF Digital [2379]
Original version
IEEE International Conference on Software Testing Verification and Validation Workshop, 2008. ICSTW '08, Lillehammer 9-11 April, 2008
Abstract
Software security testing tools and methodologies are presently abundant, and the question no longer seems to be "if to test" for security, but rather "where and when to test" and "then what?". In this paper we present a review of security testing literature, and propose a software security testing scheme that exploits an intra-organisational repository of discovered vulnerabilities that closes the loop after the testing of one application is complete, providing useful input to the next application to be tested.