Abstract

Security testing is a process of determining the risks present in system states and protecting them from vulnerabilities. However, security testing does not usually give due importance to threat modeling and risk analysis together, which affects the confidentiality and integrity of the system. Risk analysis includes the identification, evaluation and assessment of risks. Threat modeling identifies the threats associated with the system. Risk-driven security testing uses risk analysis results in test case identification, selection and assessment to prioritize and optimize the testing process. The STRIDE threat modeling approach is generally used to identify both technical and non-technical threats present in the system. Thus, a security testing mechanism based on risk analysis results using the STRIDE approach has been proposed for identifying high-risk states. The risk metrics considered for testing include risk impact, risk possibility and risk threshold. The risk threshold value is directly proportional to risk impact and risk possibility. Risk-driven security testing results in a reduced test suite, which in turn reduces test case selection time. Risk analysis optimizes the test case selection and execution process. For experimentation, the system models LMS, ATM, OBS, OSS and MTRS are considered. The performance of the proposed system is analyzed using Test Suite Reduction Rate (TSRR) and FSM coverage. TSRR varies from 13.16 to 21.43%, whereas FSM coverage of up to 91.49% is achieved. The results show that the proposed method, combining risk analysis with threat modeling, identifies states with high risks and improves testing efficiency.

Electronic supplementary material: the online version of this article (doi:10.1186/2193-1801-3-754) contains supplementary material, which is available to authorized users.

Highlights

  • Testing is a process of identifying defects and checking the performance functionalities present in a system

  • Library Management System (LMS) starts with checking of ID and the number of books borrowed by each user

  • The proposed system, applying STRIDE threat modeling in risk analysis for identifying risks present in a system and reducing test cases based on risk analysis results, performed better than the existing system


Summary

Introduction

Testing is a process of identifying defects and checking the performance and functionalities present in a system. RST is a part of risk-based testing which uses risk analysis results in test case identification and selection for optimizing the test process (Schieferdecker et al. 2011). The first step is to find the target system for risk analysis. It is followed by test case generation and execution for the development of risk models, identifying potential risks which are then subjected to risk assessment.

3.1 Proposed work

The proposed security testing system is mainly based on two concepts, namely risk analysis and the threat modeling approach.

3.4 Risk analysis module

In this module, the states which have threats are taken and sent for risk analysis. The risk of each state is compared with the risk threshold, and the state is assigned a high, medium or low risk accordingly.
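The risk analysis module described above (threat-tagged states, a risk value that grows with impact and possibility, comparison against a threshold, and a reduced test suite measured by TSRR) can be demonstrated end to end with a small script. This is an added example and not the paper's code or data: the product form of the risk value, the high/medium/low banding around the threshold, the TSRR formula (|T| - |T'|) / |T| × 100, the threshold value, and the LMS-like states, scores and test case ids are all assumptions constructed for illustration.

```python
"""Risk-driven test selection with STRIDE-tagged states (added example, not the paper's code)."""
from dataclasses import dataclass, field

# STRIDE threat categories; a state tagged with any of these enters risk analysis.
STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}


@dataclass
class State:
    name: str
    threats: list                                # STRIDE letters found during threat modeling
    impact: int                                  # assumed scale 1 (negligible) .. 5 (severe)
    possibility: float                           # assumed likelihood 0.0 .. 1.0
    tests: list = field(default_factory=list)    # ids of test cases exercising this state


def risk_value(state: State) -> float:
    """Risk grows with both impact and possibility; the product form is an assumption."""
    for tag in state.threats:
        if tag not in STRIDE:
            raise ValueError(f"unknown STRIDE tag {tag!r} on state {state.name}")
    return state.impact * state.possibility


def classify(risk: float, threshold: float) -> str:
    """Assumed banding: >= threshold is high, >= half the threshold is medium, else low."""
    if risk >= threshold:
        return "high"
    if risk >= threshold / 2:
        return "medium"
    return "low"


def analyse(states, threshold):
    """Risk analysis module: only states with at least one identified threat are assessed."""
    return {s.name: classify(risk_value(s), threshold) for s in states if s.threats}


def select_tests(states, threshold, levels=("high",)):
    """Reduced suite: the test cases of states whose risk level is in `levels`."""
    level_of = analyse(states, threshold)
    chosen = set()
    for s in states:
        if level_of.get(s.name) in levels:
            chosen.update(s.tests)
    return sorted(chosen)


def tsrr(states, reduced):
    """Test Suite Reduction Rate, assumed as (|T| - |T'|) / |T| * 100."""
    full = {t for s in states for t in s.tests}
    return round((len(full) - len(reduced)) / len(full) * 100, 2)


# Constructed LMS-like FSM states (not the paper's data): ID check first, then book handling.
LMS_STATES = [
    State("CheckID", ["S", "E"], impact=5, possibility=0.6, tests=["T1", "T2", "T3"]),
    State("BorrowBook", ["T"], impact=3, possibility=0.5, tests=["T4", "T5"]),
    State("ReturnBook", ["R"], impact=2, possibility=0.3, tests=["T6"]),
    State("SearchCatalog", [], impact=1, possibility=0.1, tests=["T7", "T8"]),
]
THRESHOLD = 2.5  # assumed value; tuned per system under test

if __name__ == "__main__":
    levels = analyse(LMS_STATES, THRESHOLD)
    reduced = select_tests(LMS_STATES, THRESHOLD)
    print("risk levels:", levels)
    print("reduced suite:", reduced, "TSRR:", tsrr(LMS_STATES, reduced))
```

With the constructed inputs only CheckID exceeds the threshold, so the high-risk suite keeps T1..T3 out of eight test cases; passing `levels=("high", "medium")` to `select_tests` widens the suite to include BorrowBook's tests, which is the lever for trading TSRR against coverage.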

Risk calculation
Results and discussion
Risk metrics
Description of performance parameters
Conclusion
