论文信息 - Security testing in software engineering courses

Security testing in software engineering courses

Writing secure code is at the heart of computing security. Unfortunately traditional software engineering textbooks failed to provide adequate methods and techniques for students and software engineers to bring security engineering approaches to software development process generating secure software as well as correct software. This paper argues that a security testing phase should be added to software development process with systematic approach to generating and conducting destructive security test sets following a complete coverage principle. Software engineers must have formal training on writing secure code. The security testing tasks include penetrating and destructive tests that are different from functional testing tasks currently covered in software engineering textbooks. Systematic security testing approaches should be seamlessly incorporated into software engineering curricula and software development process. Moreover, component-based development and formal methods could be useful to produce secure code, as well as automatic security checking tools. Some experience of applying security testing principles in our software engineering course teaching is reported.

A.J.A. Wang

[1] Wolfgang Bibel,et al. Automated Theorem Proving , 1987, Artificial Intelligence / Künstliche Intelligenz.

[2] Jeffrey D. Ullman,et al. Introduction to Automata Theory, Languages and Computation , 1979 .

[3] FrazerKen. Building secure software , 2002 .

[4] 하수철,et al. [서평]「Component Software」 - Beyond Object-Oriented Programming - , 2000 .

[5] Johann Schumann,et al. Automated Theorem Proving in Software Engineering , 2001, Springer Berlin Heidelberg.

[6] Ivica Crnkovic,et al. Building Reliable Component-Based Software Systems , 2002 .

[7] Jeffrey D. Ullman,et al. Introduction to automata theory, languages, and computation, 2nd edition , 2001, SIGA.

[8] 김수동,et al. [서평]「Software Engineering : A Practitioner's Approach, 4^(th) Edition」 , 1997 .

[9] D. Dickson. The story so far… , 2000, Nature.

[10] David A. Wagner,et al. MOPS: an infrastructure for examining security properties of software , 2002, CCS '02.

[11] George T. Heineman,et al. Component-Based Software Engineering: Putting the Pieces Together , 2001 .

[12] James A. Whittaker,et al. How to Break Software Security , 2003 .

[13] Roger S. Pressman,et al. Software Engineering: A Practitioner's Approach , 1982 .