Using CAPEC for Risk-Based Security Testing

Sammendrag

We present a method for risk-based security testing that takes a set of CAPEC attack patterns as input and produces a risk model which can be used for security test identification and prioritization. Since parts of the method can be automated, we believe that the method will speed up the process of constructing a risk model significantly. We also argue that the constructed risk model is suitable for security test identification and prioritization.

Kategori

Vitenskapelig artikkel

Språk

Engelsk

Forfatter(e)

Fredrik Seehusen

Institusjon(er)

SINTEF Digital / Sustainable Communication Technologies

År

2015

Publisert i

Lecture Notes in Computer Science (LNCS)

ISSN

0302-9743

Forlag

Springer

Årgang

9488

Side(r)

77 - 92

DOI

https://doi.org/10.1007/978-3-319-26416-5_6

Vis denne publikasjonen hos Cristin

Kontakt oss

Tjenester

Rapporter og publikasjoner

Forskningssenter og samarbeid

Karriere

Bærekraft

Institutter

Andre enheter

Ledelse og organisering

Om oss

Følg oss