Irdin Pekaric scite author profile

Abstract. Security testing can broadly be described as (1) the testing of security requirements that concerns confidentiality, integrity, availability, authentication, authorization, nonrepudiation and (2) the testing of the software to validate how much it can withstand an attack. Agile testing involves immediately integrating changes into the main system, continuously testing all changes and updating test cases to be able to run a regression test at any time to verify that changes have not broken existing functionality. Software companies have a challenge to systematically apply security testing in their processes nowadays. There is a lack of guidelines in practice as well as empirical studies in real-world projects on agile security testing; industry in general needs a more systematic approach to security. The findings of this research are not surprising, but at the same time are alarming. The lack of knowledge on security by agile teams in general, the large dependency on incidental pen-testers, and the ignorance in static testing for security are indicators that security testing is highly under addressed and that more efforts should be addressed to security testing in agile teams.

show abstract

An analysis and classification of public information security data sources used in research and practice

Sauerwein

Pekaric

Felderer

et al. 2019

Computers & Security

View full text Add to dashboard Cite

A taxonomy of attack mechanisms in the automotive domain

Pekaric

Sauerwein

Haselwanter³

et al. 2021

Computer Standards & Interfaces

View full text Add to dashboard Cite

Applying Security Testing Techniques to Automotive Engineering

Pekaric

Sauerwein

Felderer

2019

View full text Add to dashboard Cite

Over the past few decades, the automotive industry was mostly focused on testing the safety aspects of a vehicle. However, this was not the case with security testing as it only began to be addressed recently. As a result, multiple approaches applying various security testing techniques on different software-based vehicle IT components emerged. With that said, the research and practice lack an overview about these techniques. In this paper, we conduct a systematic mapping study. This involved the investigation on the following five dimensions: (1) security testing techniques, (2) AUTOSAR layers, (3) functional interfaces of AUTOSAR, (4) vehicle lifecycle phases and (5) attacks. In total, 39 papers presenting approaches for security testing in automotive engineering were systematically selected and classified. The results identify multiple security testing techniques focusing on early phases of vehicle life cycle through the application and services layer of the AUTOSAR architecture. Finally, there is a need for security regression testing approaches, as well as combined security and safety testing approaches. CCS CONCEPTS• Security and privacy → Distributed systems security;

show abstract

Towards Understanding the Skill Gap in Cybersecurity

Goupil

Laskov

Pekaric

et al. 2022

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Irdin Pekaric

How is Security Testing Done in Agile Teams? A Cross-Case Analysis of Four Software Teams

An analysis and classification of public information security data sources used in research and practice

A taxonomy of attack mechanisms in the automotive domain

Applying Security Testing Techniques to Automotive Engineering

Towards Understanding the Skill Gap in Cybersecurity

Contact Info

Product

Resources

About