This paper presents a method for automatically generating security-oriented test cases from textual requirements in SCRUM environments using Natural Language Processing. The proposed approach combines transformer-based semantic analysis with behavior-driven development test templates to extract and translate functional, non-functional, and misuse-case security requirements. The solution was tested on 30 real-world requirements derived from agile software projects. Evaluation results demonstrated that the system achieved 91% precision, 93% recall, and complete (100%) coverage of input requirements. Compared to manual testing, the method reduced the time required for test design by approximately 78% and revealed 65% more critical security vulnerabilities. The generated test cases are structured to support integration with behavior-driven development and continuous integration/continuous deployment workflows. Overall, the results indicate that automation based on Natural Language Processing can substantially enhance the quality and efficiency of security validation processes within agile development environments.