Framework for testing the security of application software at design phase

Abstract

Software security testing is essential to reveal the weaknesses in the security of the system. The security level of the software must be assessed properly and timely so that the security breaches can be prevented to occur otherwise they harm the system. Security testing during designing the software will be advantageous to reduce the rework and expenses required if it will be found insecure after the implementation. Security testing can be achieved efficiently through proper framework at the early stages of software development. Security can be checked at the initial level by taking inputs at the requirement phase and design phase so that loopholes can be found and the propagation of vulnerabilities can be prevented. At requirement phase security requirements can be filtered and then at the next phase designing artifacts can be inspected for security errors. A metric is designed which will grade the software under test and state that whether the system is secured at the proper level or not. In this paper a framework is proposed which is based on metric and the validation of the metric is done through the Weyuker’s property.