Empirical Research for Software Security: Foundations and Experience
Developing secure software requires the integration of numerous methods and tools into the development process, and software design is based on shared expert knowledge, claims, and opinions. Empirical methods, including data analytics, allow extracting knowledge and insights from the data that organ...
| Main Authors: | , , |
|---|---|
| Format: | eBook |
| Language: | English |
| Published: | United States, CRC Press, 2017, Taylor & Francis Group |
| Edition: | 1 |
| Series: | Series in Security, Privacy and Trust |
| Subjects: | |
| ISBN: | 1498776426, 9781498776424, 9781498776417, 1498776418, 0367572540, 9780367572549 |
| Online Access: | Get full text |
Table of Contents:
- Cover; Half Title; Title Page; Copyright Page; Table of Contents; Preface; List of Figures; List of Tables; Contributors
- 1: Empirical Research on Security and Privacy by Design
  - 1.1 Introduction
  - 1.2 Empirical Research on Security and Privacy by Design
  - 1.3 Scoping
  - 1.4 Planning
  - 1.5 Operation
  - 1.6 Analysis and Interpretation
  - 1.7 Presentation and Packaging
  - 1.8 Conclusion
- 2: Guidelines for Systematic Mapping Studies in Security Engineering
  - 2.1 Introduction
  - 2.2 Background on Systematic Mapping Studies in Software Engineering
  - 2.3 Overview of Available Mapping Studies in Security Engineering
  - 2.4 Guidelines for Systematic Mapping Studies in Security Engineering
  - 2.5 Summary
- 3: An Introduction to Data Analytics for Software Security
  - 3.1 Introduction
  - 3.2 Secure Software Development
  - 3.3 Software Security Analytical Process
  - 3.4 Learning Methods Used in Software Security
  - 3.5 Evaluation of Model Performance
  - 3.6 More Lessons Learned
  - 3.7 Conclusion
  - 3.8 Acknowledgment
- 4: Generating Software Security Knowledge Through Empirical Methods
  - 4.1 Introduction and Motivation
  - 4.2 Empirical Methods for Knowledge Generation
  - 4.3 Example Application Domain: Secure Software Development Research Project
  - 4.4 Experiments
  - 4.5 Systematic Literature Mappings
  - 4.6 Case Studies
  - 4.7 Experimental Replications
  - 4.8 Conclusions
  - 4.9 Acknowledgment
- 5: Visual Analytics: Foundations and Experiences in Malware Analysis
  - 5.1 Introduction
  - 5.2 Background in Malware Analysis
  - 5.3 Visual Analytics Foundations
  - 5.4 The Knowledge Generation Process
  - 5.5 Design and Evaluation for Visual Analytics Systems
  - 5.6 Experience in Malware Analysis
  - 5.7 Future Directions
  - 5.8 Conclusions
- 6: Analysis of Metrics for Classification Accuracy in Intrusion Detection
  - 6.1 Introduction
  - 6.2 Evaluation Metrics
  - 6.3 Literature Review
  - 6.4 What Hinders Adoption of Alternative Metrics
  - 6.5 Guidelines for Introducing New Evaluation Metrics
  - 6.6 Conclusions
  - 6.7 Acknowledgement
- 7: The Building Security in Maturity Model as a Research Tool
  - 7.1 Introduction
  - 7.2 Background
  - 7.3 Questionnaires in Software Security
  - 7.4 A Case Study
  - 7.5 Discussion
  - 7.6 Conclusion
- 8: Agile Test Automation for Web Applications: A Security Perspective
  - 8.1 Introduction
  - 8.2 Methodology
  - 8.3 Risk Assessment
  - 8.4 Testing and Test Automation from the Security Perspective
  - 8.5 Static Analysis Tools
  - 8.6 Dynamic Analysis Tools and Frameworks
  - 8.7 Evaluating Static/Dynamic Analysis Tools and Frameworks
  - 8.8 Appraisal of the Tools
  - 8.9 Conclusion
- 9: Benchmark for Empirical Evaluation of Web Application Anomaly Detectors
  - 9.1 Introduction
  - 9.2 Literature Review
  - 9.3 Benchmark Characteristics for Application-Layer Attack Detection Approaches
  - 9.4 An Example Environment for Generating Benchmark Data
  - 9.5 Using the Benchmark Dataset to Evaluate an IDS
  - 9.6 Conclusion
- 10: Threats to Validity in Empirical Software Security Research
  - 10.1 Introduction
  - 10.2 Defining Validity
  - 10.3 Validity for Quantitative Research
  - 10.4 Threats to Validity for Qualitative Research
  - 10.5 Summary and Conclusions
- Index

