Security Testing using a Susceptibility Matrix

Software testing is a cost effective method to detect faults insoftware. Similarly, Security testing is intended to assess
the trustworthiness of the security mechanisms and is often
regarded as a special case of system testing. The emphasis
of Security testing is not to establish the functional correctness
of the software but to establish some degree of confidence in
the security mechanisms. It is the single most common
technique for gaining assurance that a system operates within
the constraints of a given set of policies and mechanisms.
Presently, there is no systematic approach to security testing.
Our goal has been to devise a classification scheme to increase
testing effort in high-risk areas and help the software
community to get feedback to improve continuously.