A Novel Approach for Security Testing of Client Server Based Applications using Misuse Deployment Diagrams, Misuse Cases and Threat Trees

Security testing is one of the most important security practices today. To secure an application it’s important to go for a security testing phase during the development life cycle. Many useful enhancements are done using UML diagrams to model security like Misuse cases, Mis-sequence diagrams and Misuse deployment diagrams etc. Misuse deployment diagrams can be used to model a client server environment with security aspects. Since in client server environment it is important to know where to apply your security, it’s better to use Misuse Deployment diagrams which can give an overall view of the system in a single model. Based on this fact, an approach is proposed in this paper by combining Misuse deployment diagrams and Misuse Case diagrams with threat trees to generate security test cases. The approach is demonstrated with a case study where Misuse deployment diagrams, Misuse Cases are used to show that possible security defects can be identified using these diagrams and combined those with threat trees. Finally the threat trees are traversed to generate test sequences. This approach is suitable for detecting threats that need to be tested in location specific manner in client-server applications.