Applying a Security Testing Methodology: a Case Study

Name
Karin Klooster
Abstract
Security testing is a software testing discipline that aims to verify that the functionality of the software is resistant to attacks and that data processed by the software is protected. Software security standards are published to establish common requirements that the software must fulfill. This thesis aims to describe and apply a process necessary to verify the security of a web application. A checklist of security requirements was compiled by combining the OWASP ASVS web application security standard and the OWASP Top Ten project. Test cases were developed, and the web application UXP Portal was tested to verify the security requirements in the checklist. Numerous security vulnerabilities were identified by security testing. Recommendations based on lessons learned during the case study were presented.
Graduation Thesis language
English
Graduation Thesis type
Bachelor - Computer Science
Supervisor(s)
Meelis Roos, Margus Freudenthal
Defence year
2016
 