Establishing the Relationship in Vulnerability Classification for a Secure Software Testing

Having a meaningful vulnerability classification is important for building strong confidence in choosing the damaging cases associated with testing problems. An accurate classification helps to explain where a vulnerability belongs. Existing research has not empirically described these matters, owing to the absence of a generic classification for testing and assessment. The aim of this paper is to fill this gap by enhancing the vulnerability classification intended for secure software testing. This enhancement, which draws on the issues of the user's viewpoint and the abstraction level, is then applied to a vulnerability report database to determine the pattern of vulnerability relationships. As a result, the patterns, which support the traceability aspect, show that they can be mapped to requirement elicitation through use case notation and serve as a practical tool to demonstrate the impact and priority involved in performing the appropriate secure software testing.
