Affiliation:
1. Department of Computer Science and Engineering, Delhi Technological University, Delhi, India
Abstract
Researchers have been focusing on embedding security from the early phases of the software development lifecycle. They have researched and innovated a field of Security Engineering in which security concerns are embedded during the requirement, design, and testing phases of software development. Efforts have been made to develop methods, methodologies, and tools to handle security issues. Various methods are present in the literature for eliciting, analyzing, and prioritizing security requirements. During the design phase, a suitable security algorithm, mainly a cryptographic algorithm, is identified based on the prioritized requirements, environment parameters, and attributes. The question then arises: how can the effectiveness of the chosen algorithm be tested? In answer, this paper presents a process for Security Testing that evaluates the selected security algorithms. Evaluation is done by generating test scenarios for functionalities using a sequence diagram representing the threats at vulnerable points, and then checking the mitigation of potential threats at the identified vulnerable points. A security index is generated that shows the effectiveness of the deployed/chosen security algorithm. The process ends with the generation of a test report depicting the testing summary. For a clear understanding of the process, the proposal is illustrated with a case study of the cloud storage as a service model.