{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T06:37:02Z","timestamp":1742971022900,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":18,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642001987"},{"type":"electronic","value":"9783642001994"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-00199-4_16","type":"book-chapter","created":{"date-parts":[[2009,3,26]],"date-time":"2009-03-26T09:26:36Z","timestamp":1238059596000},"page":"185-194","source":"Crossref","is-referenced-by-count":1,"title":["Report: Functional Security Testing Closing the Software \u2013 Security Testing Gap: A Case from a Telecom Provider"],"prefix":"10.1007","author":[{"given":"Albin","family":"Zuccato","sequence":"first","affiliation":[]},{"given":"Clemens","family":"K\u00f6gler","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"16_CR1","unstructured":"International Organization for Standardization: ISO\/IEC 17799:2000, Information technology \u2013 Code of practice for information security management (2000)"},{"key":"16_CR2","volume-title":"ARES 2008 proceedings","author":"A. Zuccato","year":"2008","unstructured":"Zuccato, A., Endersz, V., Daniles, N.: Security requirement Engineering at a Telekom Provider. In: Jakoubi, S., Tjoa, S., Weippl, E. (eds.) ARES 2008 proceedings. IEEE Computer Society Press, Los Alamitos (2008)"},{"key":"16_CR3","unstructured":"Howard, M., LeBlanc, D.: Writing Secure Code, 2nd edn. Microsoft (2003)"},{"key":"16_CR4","volume-title":"How to Break Security","author":"J.A. Whittaker","year":"2003","unstructured":"Whittaker, J.A., Thompson, H.H.: How to Break Security. Addison-Wesley Longman, Amsterdam (2003)"},{"key":"16_CR5","doi-asserted-by":"crossref","unstructured":"Potter, B., McGraw, G.: Software security testing. IEEE Security & Privacy (2004)","DOI":"10.1016\/S1353-4858(04)00141-2"},{"key":"16_CR6","unstructured":"Michael, C.C., Radosevich, W.: Risk-based and functional security testing. Technical report, U.S. Department of Homeland Security and Cigital Inc. (2005)"},{"key":"16_CR7","doi-asserted-by":"crossref","unstructured":"McGraw, G.: Software Security: Building Security. Addison-Wesley Software Security Series (2006)","DOI":"10.1109\/ISSRE.2006.43"},{"key":"16_CR8","doi-asserted-by":"crossref","unstructured":"Thompson, H.H.: Why security testing is hard. IEEE Security & Privacy (2003)","DOI":"10.1109\/MSECP.2003.1219078"},{"key":"16_CR9","unstructured":"Hoglund, G., McGraw, G.: Exploiting Software: How to Break Code. Addison-Wesley Software Security Series (2004)"},{"key":"16_CR10","unstructured":"MITRE: Common attack pattern enumeration and classification. Technical report, MITRE Corporation and U.S. Department of Homeland Security (2008), \n                    \n                      http:\/\/capec.mitre.org"},{"key":"16_CR11","volume-title":"Systematic Software Testing","author":"R. Craig","year":"2006","unstructured":"Craig, R., Jaskiel, S.: Systematic Software Testing. Artech House Publishers, Northwood (2006)"},{"issue":"7","key":"16_CR12","doi-asserted-by":"publisher","first-page":"577","DOI":"10.1016\/S0167-4048(01)00706-4","volume":"20","author":"M. Gerber","year":"2000","unstructured":"Gerber, M., von Solms, R.: From Risk Analysis to Security Requirments. Computer & Security\u00a020(7), 577\u2013584 (2000)","journal-title":"Computer & Security"},{"key":"16_CR13","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1016\/S0167-4048(04)00065-3","volume":"23\/1","author":"A. Zuccato","year":"2004","unstructured":"Zuccato, A.: Holistic security requirement engineering for electronic commerce. Computers & Security\u00a023\/1, 63\u201376 (2004)","journal-title":"Computers & Security"},{"key":"16_CR14","unstructured":"K\u00f6gler, C.: Functional security testing \u2013 an approach for a global telecommunication company. Technical report, TeliaSonera (03, 2009)"},{"key":"16_CR15","series-title":"Software Security Series","volume-title":"Getting Software Security Right with Static Analysis","author":"B. Chess","year":"2007","unstructured":"Chess, B., West, J.: Secure Programming with Static Analysis. In: Getting Software Security Right with Static Analysis. Software Security Series. Addison-Wesley, Reading (2007)"},{"key":"16_CR16","volume-title":"Testing Computer Software","author":"C. Kaner","year":"1999","unstructured":"Kaner, C., Falk, J., Nguyen, H.Q.: Testing Computer Software, 2nd edn. John Wiley & Sons Inc., Chichester (1999)","edition":"2"},{"key":"16_CR17","unstructured":"IETF: The TLS Protocol. Technical report, Internet Engineering Taskforce - Network Working Group (1999)"},{"key":"16_CR18","unstructured":"Wagner, D., Schneier, B.: Analysis of the SSL 3.0 Protocol. In: USENIX Workshop on Electronic Commerce. USENIX Association (November 1996)"}],"container-title":["Lecture Notes in Computer Science","Engineering Secure Software and Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-00199-4_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,1,29]],"date-time":"2020-01-29T14:07:19Z","timestamp":1580306839000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-00199-4_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642001987","9783642001994"],"references-count":18,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-00199-4_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2009]]}}}