A Fuzzy-based Unified Technique for Assessment of Software Security Testing
Keywords:
Multiple criteria decision making (MCDM); fuzzy analytic network process (FANP); security attributes
Abstract
In light of the widespread need for and utilisation of software applications in the present scenario, the major challenge for today's information technology experts is to ensure efficacious as well as secure software systems. Software systems are vulnerable to attacks and may be used by malicious users or cybercriminals. Such threats have led to the development of various software security techniques for securing software systems. The software's security is highly influenced by the security attributes at the design phase of the development life cycle. In this context, the present study uses the Fuzzy Analytic Network Process (FANP) to obtain weights of the security attributes for developing a secure design of the software system. The FANP is used to identify the relationship between the security attributes and to prioritise them. Moreover, the prioritisation of the security attributes with respect to the test plan specification has also been undertaken in the study. This methodology would be helpful in balancing the trade-off between the conflicting security attributes. The study is an attempt to investigate and propose an alternate methodology for planning and testing software systems.











