Skip to Main content Skip to Navigation
Conference papers

Using Data Integration for Security Testing

Abstract : The explosion of digitisation makes a plethora of security data publicly available for developers. These numerous (often complex) documents expose them to the difficulty of choosing the most appropriate solution for securing their applications. We propose in this paper a method based upon data acquisition and integration, which assists developers in the Threat modelling stage and in the security test case execution. The method firstly helps devise Attack Defense Trees by means of a data-store. These trees show attacks, steps and defenses given under the form of security patterns, which are re-usable solutions to design more secure applications. These trees are then used for the test case generation. The data-store integrates test case stubs, which make this generation easier and developers more efficient. We evaluate our approach on 24 participants and show encouraging results on the use of data integration in software engineering.
Complete list of metadata

Cited literature [12 references]  Display  Hide  Download

https://hal.inria.fr/hal-01678954
Contributor : Hal Ifip <>
Submitted on : Tuesday, January 9, 2018 - 3:38:05 PM
Last modification on : Monday, February 22, 2021 - 9:14:09 AM
Long-term archiving on: : Wednesday, May 23, 2018 - 4:28:06 PM

File

449632_1_En_11_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Sébastien Salva, Loukmen Regainia. Using Data Integration for Security Testing. 29th IFIP International Conference on Testing Software and Systems (ICTSS), Oct 2017, St. Petersburg, Russia. pp.178-194, ⟨10.1007/978-3-319-67549-7_11⟩. ⟨hal-01678954⟩

Share

Metrics

Record views

194

Files downloads

190