Empirical Research for Software Security: Foundations and Experience.
- 1st ed.
- 1 online resource (323 pages)
- Series in Security, Privacy and Trust Series .
Contents:
- Cover
- Half Title
- Title Page
- Copyright Page
- Table of Contents
- Preface
- List of Figures
- List of Tables
- Contributors
- 1: Empirical Research on Security and Privacy by Design
  - 1.1 Introduction
  - 1.2 Empirical Research on Security and Privacy by Design
  - 1.3 Scoping
  - 1.4 Planning
  - 1.5 Operation
  - 1.6 Analysis and Interpretation
  - 1.7 Presentation and Packaging
  - 1.8 Conclusion
- 2: Guidelines for Systematic Mapping Studies in Security Engineering
  - 2.1 Introduction
  - 2.2 Background on Systematic Mapping Studies in Software Engineering
  - 2.3 Overview of Available Mapping Studies in Security Engineering
  - 2.4 Guidelines for Systematic Mapping Studies in Security Engineering
  - 2.5 Summary
- 3: An Introduction to Data Analytics for Software Security
  - 3.1 Introduction
  - 3.2 Secure Software Development
  - 3.3 Software Security Analytical Process
  - 3.4 Learning Methods Used in Software Security
  - 3.5 Evaluation of Model Performance
  - 3.6 More Lessons Learned
  - 3.7 Conclusion
  - 3.8 Acknowledgment
- 4: Generating Software Security Knowledge Through Empirical Methods
  - 4.1 Introduction and Motivation
  - 4.2 Empirical Methods for Knowledge Generation
  - 4.3 Example Application Domain: Secure Software Development Research Project
  - 4.4 Experiments
  - 4.5 Systematic Literature Mappings
  - 4.6 Case Studies
  - 4.7 Experimental Replications
  - 4.8 Conclusions
  - 4.9 Acknowledgment
- 5: Visual Analytics: Foundations and Experiences in Malware Analysis
  - 5.1 Introduction
  - 5.2 Background in Malware Analysis
  - 5.3 Visual Analytics Foundations
  - 5.4 The Knowledge Generation Process
  - 5.5 Design and Evaluation for Visual Analytics Systems
  - 5.6 Experience in Malware Analysis
  - 5.7 Future Directions
  - 5.8 Conclusions
- 6: Analysis of Metrics for Classification Accuracy in Intrusion Detection
  - 6.1 Introduction
  - 6.2 Evaluation Metrics
  - 6.3 Literature Review
  - 6.4 What Hinders Adoption of Alternative Metrics
  - 6.5 Guidelines for Introducing New Evaluation Metrics
  - 6.6 Conclusions
  - 6.7 Acknowledgement
- 7: The Building Security in Maturity Model as a Research Tool
  - 7.1 Introduction
  - 7.2 Background
  - 7.3 Questionnaires in Software Security
  - 7.4 A Case Study
  - 7.5 Discussion
  - 7.6 Conclusion
- 8: Agile Test Automation for Web Applications - A Security Perspective
  - 8.1 Introduction
  - 8.2 Methodology
  - 8.3 Risk Assessment
  - 8.4 Testing and Test Automation from the Security Perspective
  - 8.5 Static Analysis Tools
  - 8.6 Dynamic Analysis Tools and Frameworks
  - 8.7 Evaluating Static/Dynamic Analysis Tools and Frameworks
  - 8.8 Appraisal of the Tools
  - 8.9 Conclusion
- 9: Benchmark for Empirical Evaluation of Web Application Anomaly Detectors
  - 9.1 Introduction
  - 9.2 Literature Review
  - 9.3 Benchmark Characteristics for Application-Layer Attack Detection Approaches
  - 9.4 An Example Environment for Generating Benchmark Data
  - 9.5 Using the Benchmark Dataset to Evaluate an IDS
  - 9.6 Conclusion
- 10: Threats to Validity in Empirical Software Security Research
  - 10.1 Introduction
  - 10.2 Defining Validity
  - 10.3 Validity for Quantitative Research
  - 10.4 Threats to Validity for Qualitative Research
  - 10.5 Summary and Conclusions
- Index