Security testing of software systems such as mobile applications, web applications, computer applications and server applications has become an essential activity. As the area of software security testing (SST) has matured and the number of studies has increased, systematically categorizing the current state-of-The-Art is important. In this paper, we classify the established knowledge in this area through a systematic mapping study. In the scope of the study, three sets of mapping questions are posed, research keywords are selected, inclusion and exclusion criteria is defined, a classification schema is developed and refined systematically, and the selected primary studies are mapped according to this schema. Our final pool of papers consists of 67 papers. As our work is in progress, 65%-%70 of our final pool of papers has been analyzed. Some of the results of analysis are the following: (1) In the software security testing area, the types of contribution presented in primary studies vary and the top two leading facets are methods/techniques presented in 35 papers and tool presented in 13 papers; and (2) By investigating types of research methods used in papers, we observed that validation research used by 25 papers is the most preferred method among researchers.