2009
Conference Paper
Title
Security inspection scenarios - a facet of security
Title Supplement
Conducting vulnerability-based code inspections
Abstract
Today's software is often subject to attacks that exploit vulnerabilities. Since in the area of security, vulnerabilities are hard to find, quality assurance needs detailed guidance. Focusing on early quality assurance, we propose Security Inspection Scenarios as reading support for static quality assurance. They provide detailed guidance and clear and comprehensible structuring. As the vulnerabilities are partly dependent on the operating system and programming language used, we need to build generic scenarios and instantiate them. In this paper, we show how to create Security Inspection Scenarios, accompanied by a short example demonstrating their usage. After an analysis of the possible benefits of our approach, a proposal for an evaluation is presented. We assume our scenarios support practitioners in a beneficial way and are applicable in most development lifecycles which are interested in security aspects.