{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,13]],"date-time":"2025-06-13T05:23:55Z","timestamp":1749792235102,"version":"3.41.0"},"publisher-location":"Cham","reference-count":17,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319264158"},{"type":"electronic","value":"9783319264165"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-26416-5_6","type":"book-chapter","created":{"date-parts":[[2015,11,12]],"date-time":"2015-11-12T10:50:46Z","timestamp":1447325446000},"page":"77-92","source":"Crossref","is-referenced-by-count":1,"title":["Using CAPEC for Risk-Based Security Testing"],"prefix":"10.1007","author":[{"given":"Fredrik","family":"Seehusen","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,11,13]]},"reference":[{"key":"6_CR1","unstructured":"ISO 31000:2009(E): Risk management - Principles and guidelines (2009)"},{"key":"6_CR2","unstructured":"ISO\/IEEE 29119: Software and system engineering - software testing-Part 1\u20134 (2012)"},{"issue":"1","key":"6_CR3","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1016\/j.camwa.2012.10.009","volume":"65","author":"MM Alam","year":"2013","unstructured":"Alam, M.M., Khan, A.I.: Risk-based testing techniques: a perspective study. Int. J. Comput. Appl. 65(1), 42\u201349 (2013)","journal-title":"Int. J. Comput. Appl."},{"key":"6_CR4","doi-asserted-by":"crossref","unstructured":"Casado, R., Tuya, J., Younas, M.: Testing long-lived web services transactions using a risk-based approach. In: Proceedings of 10th International Conference on Quality Software (QSIC), pp. 337\u2013340. IEEE Computer Society (2010)","DOI":"10.1109\/QSIC.2010.46"},{"issue":"5","key":"6_CR5","doi-asserted-by":"publisher","first-page":"627","DOI":"10.1007\/s10009-014-0330-5","volume":"16","author":"G Erdogan","year":"2014","unstructured":"Erdogan, G., Li, Y., Runde, R.K., Seehusen, F., St\u00f8len, K.: Approaches for the combined use of risk analysis and testing: a systematic literature review. STTT 16(5), 627\u2013642 (2014)","journal-title":"STTT"},{"key":"6_CR6","doi-asserted-by":"crossref","unstructured":"Gleirscher, M.: Hazard-based selection of test cases. In: Proceedings of the 6th International Workshop on Automation of Software Test, pp. 64\u201370. ACM (2011)","DOI":"10.1145\/1982595.1982609"},{"key":"6_CR7","doi-asserted-by":"crossref","unstructured":"Kumar, N., Sosale, D., Konuganti, S.N., Rathi, A.: Enabling the adoption of aspects - testing aspects: a risk model, fault model and patterns. In: Proceedings of the 8th ACM International Conference on Aspect-oriented Software Development, AOSD 2009, pp. 197\u2013206. ACM (2009)","DOI":"10.1145\/1509239.1509266"},{"key":"6_CR8","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-12323-8","volume-title":"Model Driven Risk Analysis - The CORAS Approach","author":"MS Lund","year":"2011","unstructured":"Lund, M.S., Solhaug, B., St\u00f8len, K.: Model Driven Risk Analysis - The CORAS Approach. Springer, Heidelberg (2011)"},{"key":"6_CR9","unstructured":"MITRE.: Common Attack Pattern Enumeration and Classification (CAPEC) (2015). https:\/\/capec.mitre.org (Accessed 30 March 2015)"},{"key":"6_CR10","unstructured":"MITRE.: Common Weakness Enumeration (CWE) (2015). https:\/\/cwe.mitre.org (Accessed 14 April 2015)"},{"key":"6_CR11","unstructured":"MITRE.: Common Weakness Risk Analysis Framework (CWRAF) (2015). https:\/\/cwe.mitre.org\/cwraf\/ (Accessed 30 March 2015)"},{"key":"6_CR12","doi-asserted-by":"crossref","unstructured":"Murthy, K.K., Thakkar, K.R., Laxminarayan, S.: Leveraging risk based testing in enterprise systems security validation. In: Proceedings of the First International Conference on Emerging Network Intelligence, pp. 111\u2013116. IEEE Computer Society (2009)","DOI":"10.1109\/EMERGING.2009.28"},{"key":"6_CR13","doi-asserted-by":"crossref","unstructured":"Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 Workshop on New Security Paradigms, NSPW 1998, pp. 71\u201379. ACM, New York (1998)","DOI":"10.1145\/310889.310919"},{"key":"6_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"277","DOI":"10.1007\/978-3-662-45231-8_20","volume-title":"Leveraging Applications of Formal Methods, Verification and Validation","author":"F Seehusen","year":"2014","unstructured":"Seehusen, F.: A technique for risk-based test procedure identification, prioritization and selection. In: Margaria, T., Steffen, B. (eds.) ISoLA 2014, Part II. LNCS, vol. 8803, pp. 277\u2013291. Springer, Heidelberg (2014)"},{"key":"6_CR15","doi-asserted-by":"crossref","unstructured":"Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, SP 2002, pp. 273\u2013284. IEEE Computer Society, Washington (2002)","DOI":"10.1109\/SECPRI.2002.1004377"},{"key":"6_CR16","doi-asserted-by":"crossref","unstructured":"Zech, P., Felderer, M., Breu, R.: Towards a model based security testing approach of cloud computing environments. In: 2012 IEEE Sixth International Conference on Software Security and Reliability Companion (SERE-C), pp. 47\u201356. IEEE (2012)","DOI":"10.1109\/SERE-C.2012.11"},{"key":"6_CR17","doi-asserted-by":"crossref","unstructured":"Zech, P., Felderer, M., Breu, R.: Towards risk - driven security testing of service centric systems. In: QSIC, pp. 140\u2013143. IEEE (2012)","DOI":"10.1109\/QSIC.2012.31"}],"container-title":["Lecture Notes in Computer Science","Risk Assessment and Risk-Driven Testing"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-26416-5_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,31]],"date-time":"2025-05-31T11:24:29Z","timestamp":1748690669000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-26416-5_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319264158","9783319264165"],"references-count":17,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-26416-5_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]}}}