csce548-lect10

CSCE 548 Secure Software Development
Risk-Based Security Testing
CSCE 548 - Farkas

Reading
- This lecture: Risk-Based Security Testing, McGraw: Chapter 7
- Next lecture: Security Operations, McGraw: Chapter 9

Application of Touchpoints
[Diagram: security touchpoints applied to software artifacts]
Artifacts (diagram labels):
- Requirement and Use cases
- Architecture and Design
- Test Plans
- Code
- Tests and Test Results
- Feedback from the Field
Touchpoints (diagram labels, in the order shown):
- 5. Abuse cases
- 6. Security Requirements
- 2. Risk Analysis
- External Review
- 4. Risk-Based Security Tests
- 1. Code Review (Tools)
- 2. Risk Analysis
- 3. Penetration Testing
- 7. Security Operations

Software Testing
- Running a program or system with the intent of finding errors
- Evaluating capability of the system and determining that its requirements are met
- Physical processes vs. software processes
- Testing purposes
  - To improve quality
  - For Verification & Validation (V&V)
  - For reliability estimation

Quality Assurance
- External quality: correctness, reliability, usability, integrity
- Interior (engineering) quality: efficiency, testability, documentation, structure
- Future (adaptability) quality: flexibility, reusability, maintainability

Correctness Testing
- Black box:
  - Test data are derived from the specified functional requirements without regard to the final program structure
  - Data-driven, input/output driven, or requirements-based
  - Functional testing
  - No implementation details of the code are considered
This note was uploaded on 12/13/2011 for the course CSCE 548 taught by Professor Farkas during the Spring '10 term at South Carolina.