Got lost in the overwhelmingly large amount of security testing research? Do not worry, there is help.
We are happy to announce that our survey on security testing has been published. We not only provide an overview of the current state of the art in security testing research, we also explain the role of security testing in a secure software development process and discuss the various security testing approaches in the context of a multi-tiered web application.
In particular, we discuss the following security testing techniques:

* Model-based security testing (including risk-based security testing)
* Code-based security testing (including static source code analysis)
* Penetration testing and dynamic (runtime) analysis
* Security regression testing
Felderer, M., Büchler, M., Johns, M., Brucker, A.D., Breu, R., & Pretschner, A. (2016). Security Testing: A Survey. Advances in Computers, 101, 1-51. DOI: 10.1016/bs.adcom.2015.11.003
1. Felderer, M., Büchler, M., Johns, M., Brucker, A. D., Breu, R., and Pretschner, A. “Security Testing: A Survey” Advances in Computers 101, (2016): 1–51. doi:10.1016/bs.adcom.2015.11.003, URL: http://www.brucker.ch/bibliography/abstract/felderer.ea-security-testing-2016