On the automation of security testing

Franz Wotawa

doi:10.1109/ICSSA.2016.9

On the automation of security testing

Franz Wotawa^*

^*Corresponding author for this work

Graz University of Technology (90000)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Due to the still increasing interconnectedness of systems it is very much important to further strengthen activities towards assuring security requirements of those systems. Quality assurance methods like coding guidelines with a focus on security related issues, and static analysis tools are necessary but not sufficient because of the fact that security is a system property. Therefore, it is important to also perform system tests focusing on security threads. When carrying out in a manual way testing is very labor intensive and the question arise whether it is possible to automate security testing? In this paper we take up this question, discuss the underlying challenges, and introduce current work dealing with the automation of security testing. In particular, we present work on using combinatorial testing and AI planning for detecting vulnerabilities in systems. In addition, we discuss shortcomings of the present approaches, open research challenges and further research directions.

Original language	English
Title of host publication	Proceedings - 2016 International Conference on Software Security and Assurance, ICSSA 2016
Publisher	Institute of Electrical and Electronics Engineers
Pages	11-16
Number of pages	6
ISBN (Electronic)	9781509043880
DOIs	https://doi.org/10.1109/ICSSA.2016.9
Publication status	Published - 21 Feb 2017
Event	2016 International Conference on Software Security and Assurance, ICSSA 2016 - St. Polten, Austria Duration: 24 Aug 2016 → 25 Aug 2016

Publication series

Name	Proceedings - 2016 International Conference on Software Security and Assurance, ICSSA 2016

Conference

Conference	2016 International Conference on Software Security and Assurance, ICSSA 2016
Country/Territory	Austria
City	St. Polten
Period	24/08/16 → 25/08/16

ASJC Scopus subject areas

Software
Safety, Risk, Reliability and Quality

Access to Document

10.1109/ICSSA.2016.9

Cite this

On the automation of security testing. / Wotawa, Franz.

Proceedings - 2016 International Conference on Software Security and Assurance, ICSSA 2016. Institute of Electrical and Electronics Engineers, 2017. p. 11-16 7861644 (Proceedings - 2016 International Conference on Software Security and Assurance, ICSSA 2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Wotawa, F 2017, On the automation of security testing. in Proceedings - 2016 International Conference on Software Security and Assurance, ICSSA 2016., 7861644, Proceedings - 2016 International Conference on Software Security and Assurance, ICSSA 2016, Institute of Electrical and Electronics Engineers, pp. 11-16, 2016 International Conference on Software Security and Assurance, ICSSA 2016, St. Polten, Austria, 24/08/16. https://doi.org/10.1109/ICSSA.2016.9

@inproceedings{bd87d086646d4ca8ab6bf805a7ffde77,

title = "On the automation of security testing",

abstract = "Due to the still increasing interconnectedness of systems it is very much important to further strengthen activities towards assuring security requirements of those systems. Quality assurance methods like coding guidelines with a focus on security related issues, and static analysis tools are necessary but not sufficient because of the fact that security is a system property. Therefore, it is important to also perform system tests focusing on security threads. When carrying out in a manual way testing is very labor intensive and the question arise whether it is possible to automate security testing? In this paper we take up this question, discuss the underlying challenges, and introduce current work dealing with the automation of security testing. In particular, we present work on using combinatorial testing and AI planning for detecting vulnerabilities in systems. In addition, we discuss shortcomings of the present approaches, open research challenges and further research directions.",

author = "Franz Wotawa",

year = "2017",

month = feb,

day = "21",

doi = "10.1109/ICSSA.2016.9",

language = "English",

series = "Proceedings - 2016 International Conference on Software Security and Assurance, ICSSA 2016",

publisher = "Institute of Electrical and Electronics Engineers",

pages = "11--16",

booktitle = "Proceedings - 2016 International Conference on Software Security and Assurance, ICSSA 2016",

address = "United States",

note = "2016 International Conference on Software Security and Assurance, ICSSA 2016 ; Conference date: 24-08-2016 Through 25-08-2016",

}

TY - GEN

T1 - On the automation of security testing

AU - Wotawa, Franz

PY - 2017/2/21

Y1 - 2017/2/21

N2 - Due to the still increasing interconnectedness of systems it is very much important to further strengthen activities towards assuring security requirements of those systems. Quality assurance methods like coding guidelines with a focus on security related issues, and static analysis tools are necessary but not sufficient because of the fact that security is a system property. Therefore, it is important to also perform system tests focusing on security threads. When carrying out in a manual way testing is very labor intensive and the question arise whether it is possible to automate security testing? In this paper we take up this question, discuss the underlying challenges, and introduce current work dealing with the automation of security testing. In particular, we present work on using combinatorial testing and AI planning for detecting vulnerabilities in systems. In addition, we discuss shortcomings of the present approaches, open research challenges and further research directions.

AB - Due to the still increasing interconnectedness of systems it is very much important to further strengthen activities towards assuring security requirements of those systems. Quality assurance methods like coding guidelines with a focus on security related issues, and static analysis tools are necessary but not sufficient because of the fact that security is a system property. Therefore, it is important to also perform system tests focusing on security threads. When carrying out in a manual way testing is very labor intensive and the question arise whether it is possible to automate security testing? In this paper we take up this question, discuss the underlying challenges, and introduce current work dealing with the automation of security testing. In particular, we present work on using combinatorial testing and AI planning for detecting vulnerabilities in systems. In addition, we discuss shortcomings of the present approaches, open research challenges and further research directions.

UR - http://www.scopus.com/inward/record.url?scp=85015974929&partnerID=8YFLogxK

U2 - 10.1109/ICSSA.2016.9

DO - 10.1109/ICSSA.2016.9

M3 - Conference paper

AN - SCOPUS:85015974929

T3 - Proceedings - 2016 International Conference on Software Security and Assurance, ICSSA 2016

SP - 11

EP - 16

BT - Proceedings - 2016 International Conference on Software Security and Assurance, ICSSA 2016

PB - Institute of Electrical and Electronics Engineers

T2 - 2016 International Conference on Software Security and Assurance, ICSSA 2016

Y2 - 24 August 2016 through 25 August 2016

ER -

On the automation of security testing

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this