Asia Pacific University Library catalogue


ALI FATHI ALI SAWEHLI (TP039437)

IMPROVING SOFTWARE SECURITY TESTING OF SOFTWARE DEVELOPMENT LIFE CYCLE (SDLC) FOR WEB-BASED APPLICATIONS BY PROVIDING A QUALITY VULNERABILITY ASSESSMENT SYSTEM (Web-Vs) / ALI FATHI ALI SAWEHLI. - Kuala Lumpur : Asia Pacific University, 2019. - xv, 168 pages : illustrations ; 30 cm.

A thesis submitted in fulfilment of the requirements for the award of the degree of MSc. in Software Engineering (UCMF1808SE).

Software security testing is a type of software testing that can be conducted during the software development life cycle (SDLC) of any software. Its main aim is to discover vulnerabilities and security flaws in the given software. There are various types of software security testing, such as penetration testing, vulnerability assessment, audit testing, code review and more. Based on data gathered through a literature review and interviews, software testers currently face various issues and challenges when conducting vulnerability assessment tasks for web applications, in terms of portability, usability, compatibility, complexity, performance, accuracy, overall methodology and more. Different factors contribute to these issues, such as inexperienced testers. Recently, most researchers have suggested studying and addressing these issues in order to enable developers to build secure web applications and protect them from external threats. On that basis, this dissertation discussed and examined the issues and challenges in depth in order to provide a solution that overcomes them. The solution, called the Web-Vs model, is based on the suggestions and feedback of the software testers, as they are the ones who will use it. It consists of several stages: a planning and scoping phase, an initial vulnerability scanning and analyzing phase, a remediation and reporting phase, and a rescan phase. The model is also accompanied by a proposed system that works closely with it. In addition, the interviewed software testers evaluated the proposed Web-Vs model against the model currently in use. Based on the analysis results, the Web-Vs model markedly outperformed the currently used models. It has also been justified that the proposed Web-Vs model can be considered one of the efficient vulnerability assessment models and can be used as an alternative to other models used in software security testing for web applications.


Computer software--Development.
System engineering.

PM-31-85