Abstract

MENEJIAS GARCIA, Roberto; HIDALGO REYES, Noel Harrinso; MARIN DIAZ, Aymara  and  TRUJILLO CASANOLA, Yaimí. Procedure for evaluating security of software products. Rev cuba cienc informat [online]. 2021, vol.15, n.4, suppl.1, pp. 333-349.  Epub Dec 01, 2021. ISSN 2227-1899.

In the software industry, the performance of quality tests is the main way to detect errors and vulnerabilities, however many investigations and trends show that they are carried out after the product is finished and many times only functional tests are executed. This is a problem since in many cases, in the results of the tests, problems of type are detected: vulnerability, failures in the integrity of the data, availability, losses and cost through the manipulation and theft of information. To ensure a higher level of security in systems, security tests are performed to specifically evaluate these critical elements. This article describes a procedure for performing non-functional tests to evaluate the quality characteristic of the security product. It is independent of the business, the type of product and the software development methodology. The procedure takes into account good documented practices in internationally recognized models, norms and standards, which in turn were enriched and individualized by experts from Cuban organizations. What to try and how to do it is described, and the results of the evaluation of the proposal by experts are shown.

Keywords : testing; vulnerability; security; procedure.

        · abstract in Spanish     · text in Spanish     · Spanish ( pdf )