Accession No.: 20210410
Title: Improving software security testing of Software Development Life Cycle (SDLC) for web-based applications by providing a quality Vulnerability Assessment system (Web-Vs).
Authors/Creators: Ali Fathi Ali Sawehli (TP039437)

Software security testing is a type of software testing that can be conducted during the software development life cycle (SDLC) of any software. Its main aim is to discover vulnerabilities and security flaws in the given software. There are various types of software security testing, such as penetration testing, vulnerability assessment, audit testing, code review, and more. Based on the data gathered through a literature review and interviews, software testers currently face various issues and challenges when conducting vulnerability assessment tasks for web applications, in terms of portability, usability, compatibility, complexity, performance, accuracy, overall methodology, and more. Different factors also contribute to these issues, such as inexperienced testers.

Recently, most researchers have suggested studying and addressing these issues in order to enable developers to develop secure web applications and protect them from external threats. On that basis, this dissertation discussed and examined the issues and challenges in depth in order to provide a solution that overcomes them. The solution, called the Web-Vs model, is based on the suggestions and feedback of the software testers, as they are the ones who are going to use it. It consists of several stages: the planning and scoping phase, the initial vulnerability scanning and analyzing phase, the remediation and reporting phase, and the rescan phase. The model also comes with a proposed system that works closely with it. In addition, the interviewed software testers evaluated the proposed Web-Vs model against the currently used model. Based on the analysis results, the Web-Vs model strongly outperformed the currently used models. It has also been justified that the proposed Web-Vs model can be considered an efficient vulnerability assessment model and can be used as an alternative to other models used in software security testing for web applications.

Supervisor: Julia Juremi, Dr.
Institution: Asia Pacific University of Technology and Innovation (APU)
School: Graduate School of Technology
No. of pages: 119
Date type: Submission
Refereed: Yes, this version has been refereed
Additional Information

A thesis submitted in fulfillment of the requirement of Asia Pacific University of Technology and Innovation for the award of the degree of MSc. in Software Engineering (UCMF1808BSE).

  • Sciences
  • - Software engineering

Software Testing ; Software Development Life Cycle (SDLC) ; Vulnerability Assessment ; Web Applications, Web-Vs model ; System engineering.
