Using Data Integration for Security Testing - Testing Software and Systems (ICTSS 2017)
Conference Papers Year : 2017

Using Data Integration for Security Testing

Sébastien Salva
  • Function : Author
  • PersonId : 1026227
Loukmen Regainia
  • Function : Author
  • PersonId : 1026228

Abstract

The explosion of digitisation makes a plethora of security data publicly available for developers. These numerous (often complex) documents expose them to the difficulty of choosing the most appropriate solution for securing their applications. We propose in this paper a method based upon data acquisition and integration, which assists developers in the Threat modelling stage and in the security test case execution. The method firstly helps devise Attack Defense Trees by means of a data-store. These trees show attacks, steps and defenses given under the form of security patterns, which are re-usable solutions to design more secure applications. These trees are then used for the test case generation. The data-store integrates test case stubs, which make this generation easier and developers more efficient. We evaluate our approach on 24 participants and show encouraging results on the use of data integration in software engineering.
Fichier principal
Vignette du fichier
449632_1_En_11_Chapter.pdf (550.75 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01678954 , version 1 (09-01-2018)

Licence

Identifiers

Cite

Sébastien Salva, Loukmen Regainia. Using Data Integration for Security Testing. 29th IFIP International Conference on Testing Software and Systems (ICTSS), Oct 2017, St. Petersburg, Russia. pp.178-194, ⟨10.1007/978-3-319-67549-7_11⟩. ⟨hal-01678954⟩
106 View
140 Download

Altmetric

Share

More