Risk-Based Security Testing Primer
The goal of risk-based security testing is to improve the security testing process: to cover the especially risky areas of the application under test while minimizing time to market, and to make better use of resources by focusing testing work on the areas with the highest risks. As such, risk-based security testing is one of the active research areas of the RASEN project, a field where we expect to bring valuable new contributions.
One of the challenges of deploying risk-based security testing is the number and diversity of the required artifacts, which are traditionally maintained by different tools. Our contribution to addressing this issue is the RISKTest trace management platform, which was developed on top of the Eclipse IDE and supports the creation and documentation of cross-tool relations during test development and execution. While the idea of traceability within a risk-based security testing context was first established during the DIAMONDS project, it is within RASEN that we first address this outstanding issue with a tool implementation.
The RISKTest trace management platform is based on a provisional version of the CReMa tool, which was developed by Itemis within the VERDE research project and is integrated into the Eclipse workbench of the Juno and Indigo releases. The tools supported by RISKTest include:
- CORAS for security risk assessment
- ProR for security requirements engineering and the security test pattern catalogue database
- Papyrus for security test specification and modelling
- TTworkbench for security test execution
To find out more about our contributions, please check out our article detailing RISKTest.
19 Dec 2014 / rasen_adm
Categories: News