A Framework for Security Testing

Cited by: 0
Authors
Gupta, Daya [1]
Chatterjee, Kakali [1]
Jaiswal, Shruti [1]
Affiliations
[1] Delhi Technol Univ, Dept Comp Engn, Delhi, India
Keywords
Security Testing; Vulnerability Point; Vulnerability Nullification; Threat Mitigation;
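DOI
Not available
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract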
The goal of security testing is to verify and validate the potentiality of different vulnerabilities. For identified threats, ensure that the security mechanisms deployed during design really mitigate the threats at vulnerable points. This requires checking that, during functionality execution, the threats to the assets really get mitigated. In this paper we propose a Framework for Security Testing that involves identifying the different attacks that are possible by different stakeholders or intruders for each functionality offered by the system. Next, we validate that the design decision taken to implement the security requirement associated with that functionality is appropriate to mitigate the identified threats and risks on the assets involved. Finally, a test report template is designed which can be used to review the deployed security mechanism.
Pages: 187 / 198
Page count: 12
Related papers
50 in total
  • [1] A SIP Security Testing Framework
    Srinivasan, Hemanth
    Sarac, Kamil
    2009 6TH IEEE CONSUMER COMMUNICATIONS AND NETWORKING CONFERENCE, VOLS 1 AND 2, 2009, : 1056 - 1060
  • [2] Artorias: IoT Security Testing Framework
    Jeannotte, Bryer
    Tekeoglu, Ali
    2019 26TH INTERNATIONAL CONFERENCE ON TELECOMMUNICATIONS (ICT), 2019, : 233 - 237
  • [3] Security Testing Framework for Web Applications
    Alrawais, Layla Mohammed
    Alenezi, Mamdouh
    Akour, Mohammad
    INTERNATIONAL JOURNAL OF SOFTWARE INNOVATION, 2018, 6 (03) : 93 - 117
  • [4] A Research of Distributed Security and QoS Testing Framework
    Liu, Zhibin
    Liu, Ziang
    Huang, Yuanyuan
    Liu, Xin
    Zhou, Xiaokang
    Zhou, Rui
    2020 IEEE INTL CONF ON DEPENDABLE, AUTONOMIC AND SECURE COMPUTING, INTL CONF ON PERVASIVE INTELLIGENCE AND COMPUTING, INTL CONF ON CLOUD AND BIG DATA COMPUTING, INTL CONF ON CYBER SCIENCE AND TECHNOLOGY CONGRESS (DASC/PICOM/CBDCOM/CYBERSCITECH), 2020, : 174 - 181
  • [5] A Framework for Systematic Classification of Assets for Security Testing
    Jan, Sadeeq
    Bin Tauqeer, Omer
    Khan, Fazal Qudus
    Tsaramirsis, George
    Ahmad, Awais
    Ahmad, Iftikhar
    Maqsood, Imran
    Ullah, Niamat
    CMC-COMPUTERS MATERIALS & CONTINUA, 2021, 66 (01): : 631 - 645
  • [6] Web Security Testing Approaches: Comparison Framework
    Alssir, Fakhreldin T.
    Ahmed, Moataz
    PROCEEDINGS OF THE 2011 2ND INTERNATIONAL CONGRESS ON COMPUTER APPLICATIONS AND COMPUTATIONAL SCIENCE, VOL 1, 2012, 144 : 163 - 169
  • [7] A testing framework for Web application security assessment
    Huang, YW
    Tsai, CH
    Lin, TP
    Huang, SK
    Lee, DT
    Kuo, SY
    COMPUTER NETWORKS, 2005, 48 (05) : 739 - 761
  • [8] A Security Assurance Framework Combining Formal Verification and Security Functional Testing
    Wang, Weiguang
    Zeng, Qingkai
    Mathur, Aditya P.
    2012 12TH INTERNATIONAL CONFERENCE ON QUALITY SOFTWARE (QSIC), 2012, : 136 - 139
  • [9] Bluetooth Low Energy Devices Security Testing Framework
    Ray, Apala
    Raj, Vipin
    Oriol, Manuel
    Monot, Aurelien
    Obermeier, Sebastian
    2018 IEEE 11TH INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION (ICST), 2018, : 384 - 393
  • [10] Security testing framework for a novel mobile wallet ecosystem
    Santos, Joao
    Antunes, Marco
    Mangana, Joao
    Monteiro, David
    Santos, Patrick
    Casal, Joao
    2017 9TH INTERNATIONAL CONFERENCE ON COMPUTATIONAL INTELLIGENCE AND COMMUNICATION NETWORKS (CICN), 2017, : 153 - 160