Software and security testing have recently moved their focus beyond the realm of network port scanning to include software and user behavior as critical aspects of information systems behavior and trust. The ongoing development of web-based systems and the increasing number of end-users have given rise to new issues for attention in interactive technologies and software development. Testing for security and trust is increasingly required to assure the quality (e.g. correctness, consistency and reliability) of software systems. Software quality assurance techniques for information systems security and trust are often misunderstood and their scope is not holistically viewed. Adequate testing goes deeper than simple black-box probing on the presentation layer (the sort performed by the so-called application security tools) and even beyond the functional testing of security aspects. Testers for trust and security must use many testing approaches, grounded in both the system's architectural reality, the possible future pitfalls and the end-users? sense of trust and requirements for security. Moreover, by identifying risks in the software systems and creating tests driven by those risks, a software trust/security tester can properly focus on those areas of design and code in which trust requirements will evolve. A multi-view approach to testing could provide a higher level of software security, quality assurance and increase reliability for various stakeholders and end-users.
Learning outcomes
The course?s main objectives are that i) the students become acquainted with a variety of testing techniques and ii) the interconnections of testing to the concepts and quality features of security of software and trust of information systems. The learning outcomes of the course, next, provide a more detailed content and context-specific outline. Upon completion of this course, the course participants are expected to be able to: LO1: Be aware of testing techniques, software tools and information systems development methodology that offer testing and enhance security, trust and software/total quality of information systems in general. LO2: Analyse and evaluate security and other risks (e.g. in various lifecycle phases, project management) by utilising scientific thinking, pattern/antipattern knowledge and expertise in order to facilitate decision making and trust. LO3: Create appropriate testing procedures and trust management techniques (e.g. use cases, test cases, patterns/antipatterns) and utilize them with problem solving strategies, in different application domains i.e. in business innovation, online identity management and other. LO4: Have knowledge of and use appropriately (ethically and professionally) a variety of testing methods, techniques and tools and provide argumentation and justification on their suitability, e.g. black-box testing v white-box testing in anti-phishing technology design. LO5: Understand and critically discuss the strengths and limitations of testing techniques, and security testing in particular in different application domains, e.g. risk analysis, trust management, use of social media, computer crime and the list can go on. LO6: Systematize knowledge acquired from a variety of examined case studies of safety-critical systems, i.e. railway accidents, Arianne-5, nuclear plants, design of the Olympic games information systems, airline flight security, online identity construction, where testing, security and trust were proved
Contents
The course will refer to the following topics: software quality assurance (basic concepts), software testing (basic techniques), security & trust requirements, software reliability, correctness, consistency and completeness of systems requirements, formal computational models of testing, security and trust, software tools and their contribution to testing, online identity theft (phishing) ... Main questions handled: Some of the main questions that the course will deal with throughout its delivery are the following: What are testing, security and trust? What can be tested, secured and trusted and what not? How testing can be carried out? How security and trust could be assured? Why is it important to test? When to test? For whom is testing? When is (automated) testing needed - who requires it and who does not?
Further information on prerequisites and recommendations
The course is at Advanced MSc/Ph.D. level. The course participants should, at least, have the basic software development knowledge of e.g. programming languages, methods and tools, software quality models and testing concepts. The course is suitable for the second year MSc students and doctoral level students.
Teaching methods
Teaching method
Contact
Online
Lectures
Seminar
Teaching language
English
Modes of study
Option
1
Available for:
Degree Programme Students
Other Students
Open University Students
Doctoral Students
Exchange Students
Written exam
In
English
Exercise(s)
In
English
Option
2
Available for:
Degree Programme Students
Other Students
Open University Students
Doctoral Students
Exchange Students
Essay
In
English
Exercise(s)
In
English
Evaluation
and evaluation criteria
Numeric 1-5.
50% (Exam OR research essay writing) AND 50% Coursework (1 seminar presentation + exercises/tasks delivery).