TY - GEN
T1 - Yazilim güvenlik testi: Bir sistematik literatür Haritalamasi
AU - Yalçiner, Burcu
AU - Çiçek, Sena Sönmez
AU - Sahin, Esra
AU - Garousi, Vahid
PY - 2016/10/26
Y1 - 2016/10/26
N2 - Security testing of software systems such as mobile applications, web applications, computer applications and server applications has become an essential activity. As the area of software security testing (SST) has matured and the number of studies has increased, systematically categorizing the current state-of-the-art is important. In this paper, we classify the established knowledge in this area through a systematic mapping study. In the scope of the study, three sets of mapping questions are posed, research keywords are selected, inclusion and exclusion criteria are defined, a classification schema is developed and refined systematically, and the selected primary studies are mapped according to this schema. Our final pool of papers consists of 67 papers. As our work is in progress, 65%-70% of our final pool of papers has been analyzed. Some of the results of the analysis are the following: (1) In the software security testing area, the types of contribution presented in primary studies vary and the top two leading facets are methods/techniques presented in 35 papers and tool presented in 13 papers; and (2) By investigating types of research methods used in papers, we observed that validation research used by 25 papers is the most preferred method among researchers.
KW - Software security assessment
KW - Software security testing
KW - Software testing
UR - http://www.scopus.com/inward/record.url?scp=84996536233&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84996536233
VL - 1721
T3 - CEUR Workshop Proceedings
SP - 141
EP - 151
BT - Ulusal Yazılım Mühendisliği Sempozyumu
T2 - 10th Turkish National Software Engineering Symposium, UYMS 2016
Y2 - 24 October 2016 through 26 October 2016
ER -