ABSTRACT
Context: Concern with the security of software assets is increasing and drives companies to seek guarantees that the data they store is safe from unauthorized access and theft. These concerns also apply to the mobile software context and, because mobile devices have many capabilities, many security breaches may occur and expose users' data. Thus, to guarantee security, the software testing process must also include security-related tests. Objective: To empirically analyze the perceptions of practitioners in the mobile software testing environment on security-related testing topics. Method: A survey was performed among 49 software testing practitioners from a mobile software development company in Brazil regarding their perception of security testing practices. Results: We observed that there is concern about security among the practitioners. On the other hand, the respondents also indicated a lack of knowledge about the topics discussed. Conclusions: The results showed that practitioners regard security testing practices as generally important, highlighted the need for methods and techniques that better integrate security testing practices into mobile software development, and reinforced the need to improve the security culture in organizations.