Applying a Security Testing Methodology: a Case Study
نویسنده
چکیده
Security testing is a software testing discipline that aims to verify that the functionality of the software is resistant to attacks and data processed by the software is protected. To establish common requirements that the software must ful ll, software security standards are published. This thesis aims to describe and apply a process necessary to verify the security of a web application. A checklist of security requirements was gathered combining OWASP ASVS web application security standard and OWASP Top Ten project. Test cases were developed and web application UXP Portal was tested to verify the security requirements in the checklist. Numerous security vulnerabilities were identi ed by security testing. The recommendations based on lessons learned during the case study were presented.
منابع مشابه
Mapping of McGraw Cycle to RUP Methodology for Secure Software Developing
Designing a secure software is one of the major phases in developing a robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...
متن کاملTesting Weak-Form Efficient Capital Market Case Study: TSE and DJUS Indices
The present study investigated weak-form market information efficiency in Tehran security exchange (TSE) as an emerging market and in Dow Jones United States security exchange (DJUS) as a developed market based on random walk model. In each market, the random walk model was examined using daily and monthly returns of a set of indices. The results of the parametric and non-parametric tests indic...
متن کاملIs Your Inseam a Biometric? A Case Study on the Role of Usability Studies in Developing Public Policy
In this paper, we present a case study of applying usable privacy methodologies to inform debate regarding a multistakeholder public policy decision. In particular, the National Telecommunications and Information Administration (NTIA) relied on a multi-stakeholder process to define a set of categories for short-form privacy notices on mobile devices. These notices are intended for use in a Unit...
متن کاملSecurity Testing by Telling TestStories
Security testing is very important to assure a certain level of reliability in a system. On the system level, security testing has to guarantee that security requirements such as confidentiality, integrity, authentication, authorization, availability and non-repudiation hold. In this paper, we present an approach to system level security testing of service oriented systems that evaluates securi...
متن کاملExploring the Type of Relationship between Information Security Management and Organizational Culture (Case Study in TAM Iran Khodro Co.)
A culture conducive to information security practice is extremely important for organizations since information has to be critical assets in modern enterprises. Thus for understanding and improving the organizational behavior with regard to information security, enterprises may look into organizational culture and examine how it affects the effectiveness of implementing ISM. This study aims ...
متن کامل