A Review: Software Security Testing

International Journal of Computer Science and Engineering
© 2017 by SSRG - IJCSE Journal
Volume 4 Issue 9
Year of Publication : 2017
Authors : Dr.S.Kannan, Mr.T.Pushparaj

How to Cite?

Dr.S.Kannan, Mr.T.Pushparaj, "A Review: Software Security Testing," SSRG International Journal of Computer Science and Engineering , vol. 4,  no. 9, pp. 1-8, 2017. Crossref, https://doi.org/10.14445/23488387/IJCSE-V4I9P101


Software security testing is an essential means to ensure software security and trustiness. Through the developingdifficulty of today’s software applications order with the increasing modest pressure has pushed the quality assurance of developed software towards new heights. Software testing is apredictable part of the software development lifecycle, and possession in line with its criticality in the pre and post development procedure makes it something that should be provided with improved and efficient methodologies and techniques.Most technologists acknowledge this responsibility’ssignificance, but themessential some help in understanding how to tackle it. This new section aims to deliver that help by exploring software security best practices.Finally, the paper points out future focus and development ways of software security testing technology.


 security testing, security functional testing, security, vulnerability testing, testing tool, Testing Frameworks.


[1] Gary McGraw, Bruce Potter. “Software Security Testing”[J]. IEEESecurity & Privacy, 2004, 2(5):81-85.
[2] David P. Gilliam, John D. Powell, Matt Bishop. “Application of Lightweight Formal Methods to Software Security”[C]. In proc. 14thIEEE International Workshops on Enabling Technologies (WETICE 2005), 13-15 June 2005, Linköping, Sweden.pp.160-165.
[3] Yan Jiong, etc. “Survey of Model-Based Software Testing” Computer Science, 2004.31(2)
[4] Ramaswamy Chandramouli, Mark Blackburn. “Automated Testing of Security Functions Using a Combined Model and Interface-Driven Approach”[C]. In proc. 37th Hawaii International Conference on System Sciences (HICSS-37 2004), 5-8 January 2004, Big Island, HI, USA.
[5] Du Wenliang , Mathur A P. “Vulnerability Testing of Software System Using Fault Injection”[R]. Coast TR 98-02, 1998.
[6] Du Wenliang, Aditya P. Mathur. “Testing for Software Vulnerability Using Environment Perturbation”[C]. In proc. DSN 2000.pp.603-612.
[7] George Fink, Matt Bishop. “Property Based Testing: A New Approach to Testing for Assurance”[J]. ACM SIGSOFT Software Engineering Notes, 1997, 22(4):74~80.
[8] Xia Yi-min, etc. “Security Vulnerability Detection Study Based on Static Analysis” Computer Science, 2006.33(10).
[9] Ben Breech, Lori Pollock. “A Framework for Testing Security Mechanisms for Program-Based Attacks”[J]. ACM SIGSOFT Software Engineering Notes, 2005, 30(4).
[10] Lieven Desmet, Bart Jacobs, Frank Piessens, Wouter Joosen. “Threat modeling for web services based web applications”. In proc. Eighth IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS 2004), September 2004, UK.pp.161-174.
[11] P. Ron. Software testing. Vol. 2. Indianapolis: Sam‟s, 2001.
[12] S. Amland, "Risk-based testing:" Journal of Systems and Software, vol. 53, no. 3, pp. 287–295, Sep. 2000.
[13] Redmill and Felix, “Theory and Practice of Risk-based Testing”, Software Testing, Verification and Reliability, Vol. 15, No. 1, March 2005.
[14] B. Agarwal et al., “Software engineering and testing”. Jones & Bartlett Learning, 2010.
[15] K. Bogdan. “Automated software test data generation”. Software Engineering, IEEE Transactions on 16.8 (1990): 870-879.
[16] Jacobson et al. The unified software development process. Vol.1. Reading: Addison-Wesley, 1999.
[17] Everett et al., “Software testing: testing across the entire software development life cycle”. John Wiley & Sons, 2007.
[18] J.Irena. “Software Testing Methods and Techniques”, 2008, pp. 30-35.
[19] Guide to the Software Engineering Body of Knowledge, Swebok, A project of the IEEE Computer Society Professional Practices Committee, 2004.
[20] E. F. Miller, “Introduction to Software Testing Technology”, Software Testing & Validation Techniques, IEEE, 1981, pp. 4-16.
[21] M. Shaw, “Prospects for an engineering discipline of software,”IEEE Software, November 1990, pp.15-24.
[22] D. Nicola et al. "A grey-box approach to the functional testing of complex automatic train protection systems." Dependable Computing-EDCC 5. Springer Berlin Heidelberg, 2005. 305-317.
[23] J. A. Whittaker, “What is Software Testing? And Why Is It So Hard?” IEEE Software, 2000, pp. 70-79.
[24] N. Jenkins, “A Software Testing Primer”, 2008, pp.3-15.
[25] Luo, Lu, and Carnegie, "Software Testing Techniques- Technology Maturation and Research Strategies‟, Institute for Software Research International-Carnegie Mellon University, Pittsburgh, Technical Report, 2010.
[26] M. S. Sharmila and E. Ramadevi. "Analysis of performance testing on web application." International Journal of Advanced Research in Computer and Communication Engineering, 2014.
[27] S. Sampath and R. Bryce, Improving the effectiveness of Test Suite Reduction for User-Session-Based Testing of Web Applications, Elsevier Information and Software Technology Journal, 2012.
[28] B. Pedersen and S. Manchester, Test Suite Prioritization by Costbased Combinatorial Interaction Coverage International Journal of Systems Assurance Engineering and Management, SPRINGER, 2011.
[29] S. Sprenkle et al., "Applying Concept Analysis to Usersessionbased Testing of Web Applications", IEEE Transactions on Software Engineering, Vol. 33, No. 10, 2007, pp. 643 - 658
[30] C. Michael, “Generating software test data by evolution, Software engineering”, IEEE Transaction, Volume: 27, 2001.
[31] A. Memon, “A Uniform Representation of Hybrid Criteria for Regression Testing”, Transactions on Software Engineering (TSE), 2013.
[32] R. W. Miller, “Acceptance testing”, 2001, Data retrieved from (http://www.dsc.ufcg.edu.br/~jacques/cursos/map/recursos/T estin g05.pdf)
[33] Infosys, “Metric model”, white paper, 2012. Data retrieved from (http://www.infosys.com/engineeringservices/ whitepapers/ Documents/comprehensive-metricsmodel. pdf)
[34] B. Boehm, “Some Future Trends and Implications for Systems and Software Engineering Processes”, 2005, pp.1- 11.
[35] R. Bryce, “Test Suite Prioritization and Reduction by Combinational based Criteria”, IEEE Computer Society”, 2014, pp.21-22.
[36] M. I. Babar, “Software Quality Enhancement for value based systems through Stakeholders Quantification”, 2005, pp.359- 360. Data retrieved from(http://www.jatit.org/volumes/Vol55No3/10Vol55No3.p df)