A Normative Software Security Testing Approach Based on Threat-Modeling

Computer system security ultimately rests on software security, and security testing is one of the most important approaches to ensuring it. In this paper, a normative software security testing approach based on threat modeling is proposed. Furthermore, a simplified Instant Message Server program (IMS) is used to illustrate the principle and processes of our approach. Compared with previous experiential security testing methods, our approach is more practicable and normative, so it has good scalability.
