A Review of Software Security Testing in the Software Development Life Cycle (SDLC)

  • Lindawani Siregar Politeknik Negeri Batam
Keywords: security testing; SDLC

Abstract

Software security testing is an important means of ensuring software security. The main goal of security testing is to examine the extent of the weaknesses in the implemented security mechanisms. This is done to find the vulnerabilities of a system and to determine whether the system is protected. Software with poor security will result in loss of information and be exploited by other, irresponsible parties. A better way to improve software security is to incorporate security testing into the SDLC (Software Development Life Cycle) process. This paper reviews the software security testing approaches and techniques proposed for software security in recent years. It examines and summarizes the techniques or approaches used for software security testing in several studies.

Published
2020-12-31
Section
Articles