Posted on by Achim D. Brucker, licensed under CC BY-ND 4.0.

A Survey of Security Testing Techniques

Got lost in the overwhelmingly large amount of security testing research? Do not worry, there is help.

We are happy to announce that our survey on security testing has been published. We not only provide an overview of the current state of the art in security testing research, we also explain the role of security testing in a secure software development process and discuss the various security testing approaches in the context of a multi-tiered web application.

In particular, we discuss the following security testing techniques:

  • Model-based security testing (including risk-based security testing)
  • Code-based security testing (including static source code analysis)
  • Penetration testing and dynamic (runtime) analysis
  • Security regression testing


1. Felderer, M., Büchler, M., Johns, M., Brucker, A. D., Breu, R., and Pretschner, A. “Security Testing: A Survey.” Advances in Computers 101, (2016): 1–51. doi:10.1016/bs.adcom.2015.11.003, URL:

Welcome to the blog of the Software Assurance & Security Research Team at The University of Sheffield. We regularly blog about news, tips & tricks, as well as fun facts about software assurance, reliability, security, testing, verification, hacking, and logic.

You can also follow us on Twitter: @logicalhacking.



