Fri 13 Nov 2020 08:30 - 08:32 at Virtual room 1 - Testing 4

Since the systematic integration of risk assessment and testing is a relevant approach to address product risks in software development and to cope with limited testing resources, current standards such as ISO/IEC/IEEE 29119, ETSI EG 203 251, and the OWASP Security Testing Guide recommend a systematic integration of these two domains. The systematic combination of risk assessment and testing is known as risk-based testing: the assessed risks of the software product are used as the guiding factor to steer all phases of a test process, i.e., test planning, design, implementation, execution, and evaluation. Risk-based testing has become quite popular, and several approaches have been developed. However, the standards remain mostly abstract with regard to concrete implementation and often do not provide concrete guidance on how to define, adapt, or assess risk-based testing approaches and tools. Because of the growing demand for risk-based testing processes in industry and the increasing number of available risk-based testing approaches, solid methodological support to define, tailor, categorize, assess, compare, and select risk-based testing approaches is required. This presentation provides a taxonomy for risk-based testing that serves as a tool to define, tailor, or assess risk-based testing approaches in general and to instantiate risk-based testing approaches for the current testing standards ISO/IEC/IEEE 29119, ETSI EG 203 251, and the OWASP Security Testing Guide in particular. We will demonstrate the usefulness of the taxonomy by applying it to the aforementioned standards as well as to the risk-based testing approaches SmartTesting, RACOMAT, PRISMA, and risk-based test case prioritization using fuzzy expert systems.
Our taxonomy provides the methodological support to systematically identify deviations between the standards' requirements and the individual testing approaches, so that we are able to position and compare the testing approaches and discuss their potential for practical application. Considering at least the approaches that have been subject to our evaluation, we can state that there is already good coverage of the requirements. However, there are differences between the approaches, and not all required areas of risk-based testing are fully supported. In the course of our presentation, practitioners in particular will get a systematic overview of the requirements from standardization, of the techniques and procedures by which these requirements can be instantiated, and of how risk-based testing approaches can be tailored and compared.

Fri 13 Nov
Times are displayed in time zone: (UTC) Coordinated Universal Time

08:30 - 08:32
Talk
Journal First
Juergen Grossmann (Fraunhofer), Michael Felderer (University of Innsbruck), Johannes Viehmann (Fraunhofer FOKUS, Germany), Ina Schieferdecker (Fraunhofer FOKUS & TU Berlin, Germany)

08:33 - 08:34
Talk
Research Papers
Manuel Rigger (ETH Zurich), Zhendong Su (ETH Zurich)
08:35 - 08:36
Talk
Research Papers
Valerio Terragni (USI Lugano, Switzerland), Gunel Jahangirova (USI Lugano, Switzerland), Paolo Tonella (USI Lugano, Switzerland), Mauro Pezze (USI Lugano, Switzerland)
08:37 - 08:38
Talk
Journal First
Yunho Kim (KAIST), Seokhyeon Mun (KAIST), Shin Yoo (Korea Advanced Institute of Science and Technology), Moonzoo Kim (KAIST and V+Lab)

08:39 - 08:40
Talk
Research Papers
Alexander Kampmann (CISPA, Germany), Nikolas Havrikov (CISPA, Germany), Ezekiel O. Soremekun (CISPA, Germany), Andreas Zeller (CISPA, Germany)
08:41 - 09:00
Talk
Paper Presentations
Manuel Rigger (ETH Zurich), Valerio Terragni (USI Lugano, Switzerland), Gunel Jahangirova (USI Lugano, Switzerland), Alexander Kampmann (CISPA, Germany); M: Marcel Böhme (Monash University, Australia)