Skip to Main content Skip to Navigation
Conference papers

Using Data Integration for Security Testing

Abstract : The explosion of digitisation makes a plethora of security data publicly available for developers. These numerous (often complex) documents expose them to the difficulty of choosing the most appropriate solution for securing their applications. We propose in this paper a method based upon data acquisition and integration, which assists developers in the Threat modelling stage and in the security test case execution. The method firstly helps devise Attack Defense Trees by means of a data-store. These trees show attacks, steps and defenses given under the form of security patterns, which are re-usable solutions to design more secure applications. These trees are then used for the test case generation. The data-store integrates test case stubs, which make this generation easier and developers more efficient. We evaluate our approach on 24 participants and show encouraging results on the use of data integration in software engineering.
Complete list of metadata

Cited literature [12 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Tuesday, January 9, 2018 - 3:38:05 PM
Last modification on : Monday, February 22, 2021 - 9:14:09 AM
Long-term archiving on: : Wednesday, May 23, 2018 - 4:28:06 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Sébastien Salva, Loukmen Regainia. Using Data Integration for Security Testing. 29th IFIP International Conference on Testing Software and Systems (ICTSS), Oct 2017, St. Petersburg, Russia. pp.178-194, ⟨10.1007/978-3-319-67549-7_11⟩. ⟨hal-01678954⟩



Record views


Files downloads