1. CSN
  2. All Volumes and Issues
  3. Volume 6, Number 2, 2024
  4. Role, Problems, and Methods of Software Security Testing Automation

Role, Problems, and Methods of Software Security Testing Automation

CSN.
2024;
Volume 6, Number 2
: pp. 131-140
https://doi.org/10.23939/csn2024.02.131
Authors:
  1. Maksym Maksymovych
  2. Lesia Mychuda
1
Lviv Polytechnic National University, Department of Information Technologies Security
2
Lviv Polytechnic National University, Department of Computerized Automation Systems

In the modern world, where information security becomes a key element of any organization's operations, software security testing automation is more important than ever. The success of an application directly depends on its stability, reliability, and security, which makes the proper implementation of control mechanisms critical. The increase in cyber threats and the growing complexity of software systems make this topic even more relevant.

The main role of automation is to provide quick and efficient detection of potential application vulnerabilities during its development phase. Despite its obvious advantages, several issues complicate the implementation of automated solutions, such as the complexity of configuration, high implementation and maintenance costs, lack of expertise in the field, lack of prioritization.

This article examines the role of software security testing automation, challenges, methods, tools for testing, and ways to combine them for greater efficiency. Based on the analysis, an architectural solution is proposed that ensures quick, reliable, and regular security testing of the application at different stages of its lifecycle, significantly increasing the likelihood of its resistance to various vulnerabilities.

software
cybersecurity
automation
testing
containerization
protection
  1. Kokol, P. (2022). Software Quality: How Much Does It Matter? Electronics, 11(16), Article 16. https://doi.org/10.3390/electronics11162485
  2. Web Application Software Engineering Technology and Process | IEEE Conference Publication | IEEE Xplore. (n.d.). Retrieved May 3, 2024, from https://ieeexplore.ieee.org/document/9421250
  3. Mirakhorli, M., Galster, M., & Williams, L. (2020). Understanding Software Security from Design to Deployment. ACM SIGSOFT Software Engineering Notes, 45(2), 25–26. https://doi.org/10.1145/3385678.3385687
  4. Rajapakse, R. N., Zahedi, M., Babar, M. A., & Shen, H. (2022). Challenges and solutions when adopting DevSecOps: A systematic review. Information and Software Technology, 141, 106700. https://doi.org/10.1016/j.infsof.2021.106700
  5. Concea-Prisăcaru, A.-I., Nițescu, T.-A., & Sgârciu, V. (2023). SDLC AND THE IMPORTANCE OF SOFTWARE SECURITY. UPB Scientific Bulletin, Series C: Electrical Engineering and Computer Science, 85(1), 117–130. Scopus.
  6. Song, B., Sun, L., & Qin, Z. (2022). Design of Web Security Penetration Test System Based on Attack and Defense Game. Scientific Programming, 2022. Scopus. https://doi.org/10.1155/2022/8645969
  7. Dalai, A. K., & Jena, S. K. (2017). Neutralizing SQL Injection Attack Using Server Side Code Modification in Web Applications. Security and Communication Networks, 2017, e3825373. https://doi.org/10.1155/2017/3825373
  8. Wu, Y., Su, J., Moran, D. D., & Near, C. D. (2023). Automated Software Testing Starting from Static Analysis: Current State of the Art (Version 1). arXiv. https://doi.org/10.48550/ARXIV.2301.06215
  9. Nagendran, K., Adithyan, A., Chethana, R., Camillus, P., & Bala Sri Varshini, K. B. (2019). Web application penetration testing. International Journal of Innovative Technology and Exploring Engineering, 8(10), 1029–1035. Scopus. https://doi.org/10.35940/ijitee.J9173.0881019
  10. Brito, T., Ferreira, M., Monteiro, M., Lopes, P., Barros, M., Santos, J. F., & Santos, N. (2023). Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages. IEEE Transactions on Reliability, 72(4), 1324–1339. Scopus. https://doi.org/10.1109/TR.2023.3286301
  11. Fredj, O. B., Cheikhrouhou, O., Krichen, M., Hamam, H., & Derhab, A. (2021). An OWASP Top Ten Driven Survey on Web Application Protection Methods. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 12528 LNCS, 235–252. Scopus. https://doi.org/10.1007/978-3-030-68887-5_14
  12. Higuera, J.-R., Bermejo, J., Montalvo, J. A., Villalba, J., & P閞ez, J. (2020). Benchmarking Approach to Compare Web Applications Static Analysis Tools Detecting OWASP Top Ten Security Vulnerabilities. Computers, Materials and Continua, 64, 1555–1577. https://doi.org/10.32604/cmc.2020.010885
  13. Li, J. (2020). Vulnerabilities mapping based on OWASP-SANS: A survey for static application security testing (SAST). Annals of Emerging Technologies in Computing, 4(3), 1–8. Scopus. https://doi.org/10.33166/AETiC.2020.03.001
  14. Yang, J., Tan, L., Peyton, J., & A Duer, K. (2019). Towards Better Utilizing Static Application Security Testing. 51–60. Scopus. https://doi.org/10.1109/ICSE-SEIP.2019.00014
  15. Singh, R., Kumar Gupta, M., Patil, D. R., & Maruti Patil, S. (2024). Analysis of Web Application Vulnerabilities using Dynamic Application Security Testing. 2024 IEEE 9th International Conference for Convergence in Technology, I2CT 2024. Scopus. https://doi.org/10.1109/I2CT61223.2024.10543484
  16. OWASP DevSecOps Guideline—V-0.2 | OWASP Foundation. (n.d.). Retrieved October 14, 2024, from https://owasp.org/www-project-devsecops-guideline/latest/02b-Dynamic-App...
  17. Pan, Y. (2019). Interactive Application Security Testing. 2019 International Conference on Smart Grid and Electrical Automation (ICSGEA), 558–561. 2019 International Conference on Smart Grid and Electrical Automation (ICSGEA). https://doi.org/10.1109/ICSGEA.2019.00131