Learning From Software Security Testing
Chapter
View/
Date
2008Metadata
Show full item recordCollections
- Publikasjoner fra CRIStin - SINTEF AS [4403]
- SINTEF Digital [1692]
Original version
IEEE International Conference on Software Testing Verification and Validation Workshop, 2008. ICSTW '08, Lillehammer 9-11 April, 2008Abstract
Software security testing tools and methodologies are presently abundant, and the question no longer seems to be ``if to test'' for security, but rather ``where and when to test'' and ``then what?''. In this paper we present a review of security testing literature, and propose a software security testing scheme that exploits an intra-organisational repository of discovered vulnerabilities that closes the loop after the testing of one application is complete, providing useful input to the next application to be tested. Learning From Software Security Testing