Systematizing Security Test Planning Using Functional Requirements Phrases (PowerPoint PPT Presentation)

About This Presentation
Title: Systematizing Security Test Planning Using Functional Requirements Phrases
Slides: 2
Provided by: BenS70
Transcript and Presenter's Notes

Slide 1
Systematizing Security Test Planning Using Functional Requirements Phrases
Ben Smith

Motivation
  • Lack of developer experience/knowledge in software development communities.
  • Software developers need a vehicle for knowledge transfer to proliferate security testing expertise.
  • Introduce and evaluate a pattern catalog of software security test patterns.

Security Test Pattern Components
  • Keywords
  • Targeted Vulnerability Types
  • Procedure Template
  • Expected Results Template
  • Example Procedure
  • Example Expected Results

Contributions
  • Introduced the first six test patterns, which empirically target the CWE/SANS Top 25.
  • Applied the pattern catalog to 284 public requirements for EHR systems.
  • Created 137 black box test cases and ran them on five EHRs for 685 test executions.
  • Thirty-seven percent (37%) or 253 of the tests revealed vulnerabilities.
  • Found different vulnerabilities than static analysis/automated penetration testing.
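As an added example (not code from the poster or from securitytestpatterns.org), the Python below sketches how a pattern catalog with the components listed above can be applied to functional requirement phrases to plan black-box tests: a keyword found in a requirement selects a pattern, and the pattern's procedure and expected-results templates are instantiated for that requirement. The patterns, keywords, CWE mappings and EHR-style requirement sentences are constructed for illustration, and the `TestPattern` and `plan_tests` names are assumptions.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class TestPattern:
    """One catalog entry with the component fields the poster lists."""
    name: str
    keywords: tuple      # requirement phrases that select this pattern
    target_cwes: tuple   # targeted vulnerability types
    procedure: str       # procedure template; {req} is the requirement text
    expected: str        # expected-results template


# Constructed catalog for illustration; not the poster's actual six patterns.
CATALOG = (
    TestPattern("Input validation", ("enter", "input", "record"),
                ("CWE-20", "CWE-89", "CWE-79"),
                "For '{req}': submit metacharacters and oversized values in each field.",
                "Input rejected or neutralised; no stack trace or SQL error shown."),
    TestPattern("Authentication", ("log in", "login", "authenticate"),
                ("CWE-287", "CWE-307"),
                "For '{req}': repeat the action with wrong credentials.",
                "Access denied every time; failures logged and rate limited."),
    TestPattern("Access control", ("only", "authorized", "privilege"),
                ("CWE-285", "CWE-862"),
                "For '{req}': perform the action as a user lacking the stated role.",
                "Operation refused and the denial appears in the audit log."),
)


def plan_tests(requirement, catalog=CATALOG):
    """One planned black-box test per pattern whose keyword occurs as a whole
    word or phrase in the requirement (case-insensitive)."""
    tests = []
    for p in catalog:
        hit = next((k for k in p.keywords
                    if re.search(rf"\b{re.escape(k)}\b", requirement, re.I)), None)
        if hit is not None:
            tests.append({"pattern": p.name, "keyword": hit, "cwes": p.target_cwes,
                          "procedure": p.procedure.format(req=requirement),
                          "expected": p.expected})
    return tests


# Constructed EHR-style requirement phrases (not the 284 public requirements).
REQUIREMENTS = (
    "The user shall be able to enter a patient's allergy information.",
    "Only an authorized clinician shall be able to view lab results.",
    "The system shall allow a user to log in with a username and password.",
    "The system shall display the current date and time.",
)
```

A requirement that matches no keyword yields an empty plan, which is itself useful output: it flags phrases the catalog does not yet cover.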

http://securitytestpatterns.org