Conference Paper
A trace management platform for risk-based security testing
The goal of risk-based security testing (RBST) is to improve the security testing process so that it covers the especially risky areas of the application under test while minimizing time to market and improving the use of resources by focusing testing work on the areas with the highest risks. In RBST, risk factors are identified, and risk-based security test cases are created and prioritized according to an applicable selection strategy. One of the challenges in RBST is keeping track of the different artifacts, which are often managed by different tools. Traceability is the key to managing complex systems in development and testing. This paper introduces RISKTest, a trace management platform based on Eclipse that supports the creation and documentation of cross-tool relations during test development and test execution. RISKTest is dedicated to risk-based security testing. Thus, we concentrate on the management of traces between the artifacts from risk assessment and testing, and on the definition of services that automatically analyze the related artifacts for security- and testing-related aspects. RISKTest has been developed in the DIAMONDS and RASEN projects and evaluated within the projects' case studies.