Title (eng)

Software Security Analysis, Metrics, and Test Design Considerations

Author

Avdić, Dženan
Pljasković, Aldina
Lazić, Ljubomir

Description (eng)

Abstract: Software security addresses the degree to which software can be exploited or misused. Software development is not yet a science or a rigorous discipline, and the development process by and large is not controlled to minimize the vulnerabilities that attackers exploit. Security is a blend of enhanced processes and practices—and the skilled people to perform them—which are required to build software that can be trusted not to increase risk exposure. Three categories of analysis provide such a blend: threat modeling, risk analysis, and security assessment and testing. This article discusses the role of software testing in a security-oriented software development process. It focuses on two related topics: functional security testing and risk-based security testing. Any endeavor worth pursuing is worth measuring, but software security presents new measurement challenges: there are no established formulas or procedures for quantifying the security risk present in a program. This paper details the importance of measuring software security and discusses the less-than-satisfying approaches that are prevalent today. A new set of metrics is then proposed for ensuring an accurate and comprehensive view of software projects ranging from legacy systems to newly deployed web applications. Many of the new metrics make use of source code analysis results.

Language

English

Date

2012

License

Creative Commons license
This work is licensed under the terms of the
Creative Commons CC BY 4.0 - Creative Commons Attribution 4.0 International License.

http://creativecommons.org/licenses/by/4.0/legalcode

Subject

Keywords: Security issues, security testing, security metrics, security risks

Part of collection (1)

o:28516 Works of the teaching staff and associates of the State University of Novi Pazar (Državni univerzitet u Novom Pazaru)