Test case selection for penetration testing in mobile cloud computing applications: A proposed technique

The extensive use of mobile applications in terms of user’s number and size of diverse data has introduced additional security threats which make uncovering these vulnerabilities complex for testers. Testers use certain types of software security testing to detect software vulnerabilities, particula...

Full description

Bibliographic Details
Main Authors: Al-Ahmad, Ahmad Salah, Kahtan, Hasan
Format: Article
Language:English
Published: JATIT 2018
Subjects:
Online Access:http://umpir.ump.edu.my/id/eprint/28034/
http://umpir.ump.edu.my/id/eprint/28034/
http://umpir.ump.edu.my/id/eprint/28034/1/Test%20case%20selection%20for%20penetration.pdf
Description
Summary:The extensive use of mobile applications in terms of user’s number and size of diverse data has introduced additional security threats which make uncovering these vulnerabilities complex for testers. Testers use certain types of software security testing to detect software vulnerabilities, particularly penetration testing. Test case selection is an essential phase of penetration testing, especially when testing complex and large applications. Multiple techniques have been proposed for selecting test cases to be used in penetration testing. In general, the majority of such techniques select a set of test cases that cover the designated paths and fit well with the user requirements. This study reviews existing techniques and models that are used for test case selection. Methods, strengths and weaknesses are the main factors that are presented in this study. This study shows that offloading, that is, the technology used in mobile cloud computing applications, has been disregarded by existing techniques and models for test case selection. Therefore, this study proposes an enhanced test case selection technique for penetration testing. This proposed technique considers offloading parameters when selecting test cases to improve coverage paths and reflect user preferences in terms of cloud and mobile priority percentages. Moreover, test cases for both mobile and cloud in the mobile cloud computing applications are considered to be selected in list of test cases to be executed. Besides, user preferences feature is provided in the selection process to reflect the importance of each parties, cloud and mobile sides of the application under test. The proposed technique will improve the security of mobile cloud computing applications by exposing the possible vulnerabilities from both mobile and cloud sides application.