Posted on by Achim D. Brucker, licensed under CC BY-ND 4.0.

A Survey of Security Testing Techniques

Got lost in the overwhelmingly large amount of security testing research? Do not worry, there is help.

We are happy to announce that our survey on security testing has been published. We not only provide an overview of the current state of the art in security testing research, but also explain the role of security testing in a secure software development process and discuss the various security testing approaches in the context of a multi-tiered web application.

In particular, we discuss the following security testing techniques:

  • Model-based security testing (including risk-based security testing)
  • Code-based security testing (including static source code analysis)
  • Penetration testing and dynamic (runtime) analysis
  • Security regression testing


1. Felderer, M., Büchler, M., Johns, M., Brucker, A. D., Breu, R., and Pretschner, A. “Security Testing: A Survey.” Advances in Computers 101, (2016): 1–51. doi:10.1016/bs.adcom.2015.11.003, URL: