Posted on by Achim D. Brucker, licensed under CC BY-ND 4.0.

A Survey of Security Testing Techniques

Got lost in the overwhelmingly large amount of security testing research? Do not worry, there is help.

We are happy to announce that our survey on security testing has been published. We not only provide an overview of the current state of the art in security testing research, we also explain the role of security testing in a secure software development process and discuss the various security testing approaches in the context of a multi-tiered web application.

In particular, we discuss the following security testing techniques:

* Model-based security testing (including risk-based security testing)
* Code-based security testing (including static source code analysis)
* Penetration testing and dynamic (runtime) analysis
* Security regression testing

Felderer, M., Büchler, M., Johns, M., Brucker, A.D., Breu, R., & Pretschner, A. (2016). Security Testing: A Survey. Advances in Computers, 101, 1–51. DOI: 10.1016/bs.adcom.2015.11.003


1. Felderer, M., Büchler, M., Johns, M., Brucker, A. D., Breu, R., and Pretschner, A. “Security Testing: A Survey.” Advances in Computers 101, (2016): 1–51. doi:10.1016/bs.adcom.2015.11.003, URL:

Welcome to the blog of the Software Assurance & Security Research Team at The University of Sheffield. We regularly blog news, tips & tricks, as well as fun facts about software assurance, reliability, security, testing, verification, hacking, and logic.

You can also follow us on Twitter: @logicalhacking.



