11 Automation and Traceability by Integrating Application Security Testing Tools into ALM Systems
KNOW WHAT YOU ARE DOING FROM BEGINNING TO END
This chapter presents how integrating application security testing tools into application lifecycle management (ALM) systems supports automation and traceability, helping an organization implement a secure software development process. More specifically, it discusses how automated application security testing tools, such as static code analysis tools, software composition analysis tools, and fuzz testing tools, can be integrated into ALM systems so that testing is automated and specific results from these tools can be traced to requirements defined in the automotive software development process.
Generally, a number of different functional and non-functional requirements are used during the typical automotive software development process. Lately, however, the automotive industry has been adding more cybersecurity requirements to its software development requirements. These requirements include various methods for verification and testing to help identify bugs and vulnerabilities in the code, e.g. static code analysis and fuzz testing. Moreover, there may be detailed requirements on the use of coding guidelines, such as CERT (computer emergency response team) C/C++ [1, 2], MISRA (Motor Industry Software Reliability Association) C/C++ [3, 4], and AUTOSAR (AUTomotive Open System ARchitecture) C++ [5]. Besides ...