Software Security Testing Techniques and Tools
report
The importance of cybersecurity in our digitalising society is nowadays well-understood. In practice, however, cybersecurity is too often an afterthought: countermeasures are taken in reaction to vulnerability exposures and cyber incidents as they happen. A transition towards inherently cyber-resilient systems starts with early and systematic testing of these systems and the software that drives them. Software security testing is complementary to regular (functional) software testing and focuses specifically on discovering security risks and vulnerabilities.
This memo summarises the field of software security testing, providing a comprehensive overview of the techniques and tools employed within this field of testing. It aims to make the connection between current practice and newer technologies. This is important as newer technologies can greatly improve the effectiveness and efficiency of current software security testing techniques. In particular, by applying smart automation they can reduce the human effort and required expertise for testing. This lowers the threshold and builds a business case for software security testing.
In this document, the capabilities and characteristics of technologies are discussed on a qualitative level, based on desk research and experience available within TNO. No extensive experimental assessment was performed to verify all functionalities or acquire performance metrics.
TNO Identifier
993746
Publisher
TNO
Collation
26 p.
Place of publication
Den Haag