Overview on Case Study Penetration Testing Models Evaluation

Ahmad S. Al-Ahmad, Hasan Kahtan, Yehia I. Alzoubi


Model evaluation is a cornerstone of scientific research as it represents the findings' accuracy and model performance. A case study is commonly used in evaluating software engineering models. Due to criticism in terms of generalization from a single case study and testers, deciding on the number of case studies used for evaluation and the number of testers has been one of the researchers’ challenges. Multiple case studies with multiple testers can be difficult in some domains, such as penetration testing, due to the complexity and time needed to prepare test cases. This study aims to review the literature and examine the evaluation methods used pertaining to the number of case studies and testers involved. This study is beneficial for researchers, students, and penetration testers as it provides case study design steps that are useful to determine the appropriate number of test cases and testers required. The paper's findings and novelty highlight that a single case study with a single tester is enough to evaluate a model. It also strikes a balance between what is enough for the evaluation and the need to reduce criticisms of a single case study by using two case studies with a single tester.


Doi: 10.28991/ESJ-2023-07-03-025

Full Text: PDF


Penetration Testing; Model Evaluation; Tester; Case Study; Software Engineering.


Godin, G. (1994). Social-cognitive models. Advances in exercise adherence, 113–136, Human Kinetics Publishers, Champaign, United States.

Keng Siau, & Rossi, M. (1998). Evaluation of information modeling methods-a review. Proceedings of the Thirty-First Hawaii International Conference on System Sciences. doi:10.1109/hicss.1998.648327.

Yuan, Q., Pi, Y., Kou, L., Zhang, F., Li, Y., & Zhang, Z. (2022). Multi-Source Data Processing and Fusion Method for Power Distribution Internet of Things Based on Edge Intelligence. Frontiers in Energy Research, 10. doi:10.3389/fenrg.2022.891867.

Sitthimongkolchai, N., Viriyavejakul, C., & Tuntiwongwanich, S. (2022). The BEE Model with Live Virtual Classroom to Enhancing Creative Works. Emerging Science Journal, 6, 108–122. doi:10.28991/esj-2022-sied-08.

Shiffrin, R. M., Lee, M. D., Kim, W., & Wagenmakers, E. J. (2008). A survey of model evaluation approaches with a tutorial on hierarchical bayesian methods. Cognitive Science, 32(8), 1248–1284. doi:10.1080/03640210802414826.

Gao, K., Wang, Z., Mockus, A., & Zhou, M. (2023). On the Variability of Software Engineering Needs for Deep Learning: Stages, Trends, and Application Types. IEEE Transactions on Software Engineering, 49(2), 760–776. doi:10.1109/TSE.2022.3163576.

Hammersley, M.; Foster, P. and Gomm, R. (2000). Case study and generalization. Case Study Method: Key Issues, Key Texts, 98-115. Sage, London, United Kingdom.

Yin, R. K. (2013). Validity and generalization in future case study evaluations. Evaluation, 19(3), 321–332. doi:10.1177/1356389013497081.

Wieringa, R., & Daneva, M. (2015). Six strategies for generalizing software engineering theories. Science of Computer Programming, 101, 136–152. doi:10.1016/j.scico.2014.11.013.

Alfayez, R., Ding, Y., Winn, R., & Alfayez, G. (2022). What is Discussed About Software Engineering Ethics on Stack Exchange (Q&A) Websites? A Case Study. 2022 IEEE/ACIS 20th International Conference on Software Engineering Research, Management and Applications (SERA). doi:10.1109/sera54885.2022.9806760.

Deshmukh, S. A., & Kasar, S. L. (2022). Significance of Software Engineering Phases in the Development of a Software Application. Designing User Interfaces with a Data Science Approach, 111–132, IGI Global, Hershey, United States. doi:10.4018/978-1-7998-9121-5.ch006.

Aha, D. W. (1992). Generalizing from Case Studies: A Case Study. Machine Learning Proceedings 1992, 1–10, Morgan Kaufmann, Burlington, United States. doi:10.1016/b978-1-55860-247-2.50006-1.

Bosua, R., Cheong, M., Clark, K., Clifford, D., Coghlan, S., Culnane, C., Leins, K., & Richardson, M. (2022). Using public data to measure diversity in computer science research communities: A critical data governance perspective. Computer Law & Security Review, 44, 105655. doi:10.1016/j.clsr.2022.105655.

Runeson, P., & Höst, M. (2009). Guidelines for conducting and reporting case study research in software engineering. Empirical Software Engineering, 14(2), 131–164. doi:10.1007/s10664-008-9102-8.

Klotins, E., Gorschek, T., Sundelin, K., & Falk, E. (2022). Towards cost-benefit evaluation for continuous software engineering activities. Empirical Software Engineering, 27(6). doi:10.1007/s10664-022-10191-w.

Dakkak, A., Bosch, J., & Olsson, H. H. (2022). Controlled Continuous Deployment: A Case Study From The Telecommunications Domain. Proceedings of the International Conference on Software and System Processes and International Conference on Global Software Engineering. doi:10.1145/3529320.3529323.

Andersson, C., & Runeson, P. (2007). A spiral process model for case studies on software quality monitoring - Method and metrics. Software Process Improvement and Practice, 12(2), 125–140. doi:10.1002/spip.311.

Mizuno, O., Ikami, S., Nakaichi, S., & Kikuno, T. (2007). Fault-Prone Filtering: Detection of Fault-Prone Modules Using Spam Filtering Technique. First International Symposium on Empirical Software Engineering and Measurement (ESEM 2007) Madrid, Spain. doi:10.1109/esem.2007.29.

Özakıncı, R., & Kolukısa Tarhan, A. (2023). A decision analysis approach for selecting software defect prediction method in the early phases. Software Quality Journal, 31(1), 121–177. doi:10.1007/s11219-022-09595-0.

Sangal, N., Jordan, E., Sinha, V., & Jackson, D. (2005). Using dependency models to manage complex software architecture. ACM SIGPLAN Notices, 40(10), 167–176. doi:10.1145/1103845.1094824.

Sobhy, D., Minku, L., Bahsoon, R., & Kazman, R. (2022). Continuous and Proactive Software Architecture Evaluation: An IoT Case. ACM Transactions on Software Engineering and Methodology, 31(3), 1–54. doi:10.1145/3492762.

Geer, D., & Harthorne, J. (2002). Penetration testing: a duet. 18th Annual Computer Security Applications Conference, 2002. Proceedings. doi:10.1109/csac.2002.1176290.

Goel, J. N., Asghar, M. H., Kumar, V., & Pandey, S. K. (2016). Ensemble based approach to increase vulnerability assessment and penetration testing accuracy. 2016 International Conference on Innovation and Challenges in Cyber Security (ICICCS-INBUSH). doi:10.1109/iciccs.2016.7542303.

Xiong, P., & Peyton, L. (2010). A model-driven penetration test framework for Web applications. 2010 Eighth International Conference on Privacy, Security and Trust. doi:10.1109/pst.2010.5593250.

Xu, W., Groves, B., & Kwok, W. (2016). Penetration testing on cloud---case study with own cloud. Global Journal of Information Technology, 5(2), 87. doi:10.18844/gjit.v5i2.198.

Zhao, J., Shang, W., Wan, M., & Zeng, P. (2015). Penetration testing automation assessment method based on rule tree. 2015 IEEE International Conference on Cyber Technology in Automation, Control, and Intelligent Systems (CYBER). doi:10.1109/cyber.2015.7288225.

Meyers, B. S., Almassari, S. F., Keller, B. N., & Meneely, A. (2022). Examining Penetration Tester Behavior in the Collegiate Penetration Testing Competition. ACM Transactions on Software Engineering and Methodology, 31(3), 1–25. doi:10.1145/3514040.

Barik, K., Konar, K., Banerjee, A., Das, S., Abirami, A. (2022). An Exploration of Attack Patterns and Protection Approaches Using Penetration Testing. Intelligent Data Communication Technologies and Internet of Things. Lecture Notes on Data Engineering and Communications Technologies, Volume 101. Springer, Singapore. doi:10.1007/978-981-16-7610-9_36.

Al-Ahmad, A. S., Aljunid, S. A., & Ismail, N. K. (2020). Mobile cloud computing applications penetration testing model design. International Journal of Information and Computer Security, 13(2), 210–226. doi:10.1504/IJICS.2020.108849.

Al-Ahmad, A. S., Aljunid, S. A., & Sani, A. S. A. (2013). Mobile Cloud Computing Testing Review. 2013 International Conference on Advanced Computer Science Applications and Technologies. doi:10.1109/acsat.2013.42.

Al-Ahmad, A. S., Kahtan, H., Hujainah, F., & Jalab, H. A. (2019). Systematic Literature Review on Penetration Testing for Mobile Cloud Computing Applications. IEEE Access, 7, 173524–173540. doi:10.1109/ACCESS.2019.2956770.

Ali, A., Ahmed, M., Imran, M., & Khattak, H. A. (2020). Security and Privacy Issues in Fog Computing. Fog Computing, 105–137, John Wiley & Sons, Hoboken, United States. doi:10.1002/9781119551713.ch5.

Alzoubi, Y. I., Al-Ahmad, A., Jaradat, A., & Osmanaj, V. H. (2021). FOG computing architecture, benefits, security, and privacy, for the internet of thing applications: An overview. Journal of Theoretical and Applied Information Technology, 99(2), 436–451.

Alzoubi, Y. I., Al-Ahmad, A., & Jaradat, A. (2021). Fog computing security and privacy issues, open challenges, and blockchain solution: An overview. International Journal of Electrical and Computer Engineering (IJECE), 11(6), 5081. doi:10.11591/ijece.v11i6.pp5081-5088.

Alzoubi, Y. I., Osmanaj, V. H., Jaradat, A., & Al‐Ahmad, A. (2020). Fog computing security and privacy for the Internet of Thing applications: State-of-the-art. Security and Privacy, 4(2). doi:10.1002/spy2.145.

Maray, M., & Shuja, J. (2022). Computation Offloading in Mobile Cloud Computing and Mobile Edge Computing: Survey, Taxonomy, and Open Issues. Mobile Information Systems, 2022. doi:10.1155/2022/1121822.

Ghauri, P. (2004). Designing and conducting case studies in international business research. In Handbook of Qualitative Research Methods for International Business, 109–124, Edward Elgar, Cheltenham, United Kingdom. doi:10.4337/9781781954331.00019.

Gehrke, S., Niemz, S., Wenige, L., & Ruhland, J. (2022). Investigation of Senior IT Management Skills Using COBIT Enablers and Social Media Platform. Journal of Human, Earth, and Future, 3(1), 69-81. doi:10.28991/HEF-2022-03-01-05.

Shenton, A. K. (2004). Strategies for ensuring trustworthiness in qualitative research projects. Education for Information, 22(2), 63–75. doi:10.3233/EFI-2004-22201.

Engebretson, P. (2013). The basics of hacking and penetration testing: ethical hacking and penetration testing made easy, Elsevier, Amsterdam, Netherlands. doi:10.1016/C2013-0-00019-9.

Arkin, B., Stender, S., & McGraw, G. (2005). Software penetration testing. IEEE Security and Privacy, 3(1), 84–87. doi:10.1109/MSP.2005.23.

Whitaker, A., & Newman, D. P. (2005). Penetration Testing and Network Defense: Penetration Testing _1. Cisco Press, Indianapolis, United States.

Yeo, J. (2013). Using penetration testing to enhance your company's security. Computer Fraud & Security, 2013(4), 17-20. doi:10.1016/S1361-3723(13)70039-3.

Sanjaya, I. G. A. S., Sasmita, G. M. A., & Sri Arsa, D. M. (2020). Information technology risk management using ISO 31000 based on issaf framework penetration testing (Case study: Election commission of x city). International Journal of Computer Network and Information Security, 12(4), 30–40. doi:10.5815/ijcnis.2020.04.03.

Stepanova, T., Pechenkin, A., & Lavrova, D. (2015). Ontology-based big data approach to automated penetration testing of large-scale heterogeneous systems. Proceedings of the 8th International Conference on Security of Information and Networks. doi:10.1145/2799979.2799995.

Arjun, C. V. (2019). Penetration Testing for Denial of Service Attacks and its Variants. Journal of Advanced Research in Dynamical and Control Systems, 10, 2320-2326.

Arnaldy, D., & Perdana, A. R. (2019). Implementation and Analysis of Penetration Techniques Using the Man-In-The-Middle Attack. 2019 2nd International Conference of Computer and Informatics Engineering (IC2IE), Banyuwangi, Indonesia. doi:10.1109/ic2ie47452.2019.8940872.

Wibowo, R. M., & Sulaksono, A. (2021). Web Vulnerability Through Cross Site Scripting (XSS) Detection with OWASP Security Shepherd. Indonesian Journal of Information Systems, 3, 149–159. doi:10.24002/ijis.v3i2.4192.

Al-Ahmad, A., Ata, B. A., & Wahbeh, A. H. S. (2012). Pen testing for Web applications. International Journal of Information Technology and Web Engineering, 7(3), 1–13. doi:10.4018/jitwe.2012070101.

Salis, A. (2021). Towards the Internet of Behaviors in Smart Cities through a Fog-To-Cloud Approach. HighTech and Innovation Journal, 2(4), 273-284. doi:10.28991/HIJ-2021-02-04-01.

Al-Ahmad, A. S., & Kahtan, H. (2018). Test case selection for penetration testing in mobile cloud computing applications: A proposed technique. Journal of Theoretical and Applied Information Technology, 96(13), 4238–4248.

Al-Ahmad, A.S., Kahtan, H. (2019). Fuzz Test Case Generation for Penetration Testing in Mobile Cloud Computing Applications. Intelligent Computing & Optimization. ICO 2018, Advances in Intelligent Systems and Computing, 866, Springer, Cham, Switzerland. doi:10.1007/978-3-030-00979-3_27.

Amershi, S., Begel, A., Bird, C., DeLine, R., Gall, H., Kamar, E., Nagappan, N., Nushi, B., & Zimmermann, T. (2019). Software Engineering for Machine Learning: A Case Study. 2019 IEEE/ACM 41st International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP). doi:10.1109/icse-seip.2019.00042.

Kitchenham, B. A., Dyba, T., & Jorgensen, M. (2004). Evidence-based software engineering. Proceedings. 26th International Conference on Software Engineering. doi:10.1109/icse.2004.1317449.

Kitchenham, B., Pickard, L., & Pfleeger, S. L. (1995). Case Studies for Method and Tool Evaluation. IEEE Software, 12(4), 52–62. doi:10.1109/52.391832.

Kitchenham, B., & Charters, S. (2007). Guidelines for performing systematic literature reviews in software engineering version 2.3. Engineering, 45(4ve), 1051.

Brereton, P., Kitchenham, B. A., Budgen, D., Turner, M., & Khalil, M. (2007). Lessons from applying the systematic literature review process within the software engineering domain. Journal of Systems and Software, 80(4), 571–583. doi:10.1016/j.jss.2006.07.009.

Runeson, P., Höst, M., Rainer, A., & Regnell, B. (2012). Scaling up Case Study Research to Real‐World Software Practice. Case Study Research in Software Engineering; Guidelines and Examples, 97-107, John Wiley & Sons, Hoboken, United States. doi:10.1002/9781118181034.ch7.

Runeson, P., Höst, M., Rainer, A., & Regnell, B. (2012). Case Study Research in Software Engineering: Guidelines and Examples. John Wiley & Sons, Hoboken, united States. doi:10.1002/9781118181034.

Perry, D. E., Sim, S. E., & Easterbrook, S. M. (2004). Case studies for software engineers. Proceedings. 26th International Conference on Software Engineering. doi:10.1109/icse.2004.1317512.

Bratthall, L., & Jørgensen, M. (2002). Can you trust a single data source exploratory software engineering case study? Empirical Software Engineering, 7(1), 9–26. doi:10.1023/A:1014866909191.

Seaman, C. B. (1999). Qualitative methods in empirical studies of software engineering. IEEE Transactions on Software Engineering, 25(4), 557–572. doi:10.1109/32.799955.

Flyvbjerg, B. (2011). Five Misunderstandings About Case-Study Research. Qualitative Research Practice, 12, 390–404. doi:10.4135/9781848608191.d33.

McLeod, J., & Elliott, R. (2011). Systematic case study research: A practice-oriented introduction to building an evidence base for counselling and psychotherapy. Counselling and Psychotherapy Research, 11(1), 1–10. doi:10.1080/14733145.2011.548954.

Kratochwill, T. R., & Levin, J. R. (2010). Enhancing the Scientific Credibility of Single-Case Intervention Research: Randomization to the Rescue. Psychological Methods, 15(2), 124–144. doi:10.1037/a0017736.

Edwards, D. J. A. (1998). Types of case study work: A conceptual framework for case-based research. Journal of Humanistic Psychology, 38(3), 36–70. doi:10.1177/00221678980383003.

Kratochwill, T. R., Hitchcock, J., Horner, R. H., Levin, J. R., Odom, S. L., Rindskopf, D. M., & Shadish, W. R. (2010). Single-case designs technical documentation. What works clearinghouse. Institute of Education Sciences. Available online: http://ies.ed.gov/ncee/wwc/pdf/wwc_scd.pdf (accessed on April 2023).

Zivkovic, J. (2012). Strengths and Weaknesses of Business Research Methodologies: Two Disparate Case Studies. Business Studies Journal, 4(2), 91-99.

Barker, J., McCarthy, P., Jones, M., & Moran, A. (2011). Single case research methods in sport and exercise. Routledge, London, United Kingdom. doi:10.4324/9780203861882.

Wong, W. E., Horgan, J. R., London, S., & Mathur, A. P. (1995). Effect of test set minimization on fault detection effectiveness. Proceedings of the 17th International Conference on Software Engineering- ICSE ’95. doi:10.1145/225014.225018.

Zogaj, S., Bretschneider, U., & Leimeister, J. M. (2014). Managing crowdsourced software testing: a case study based insight on the challenges of a crowdsourcing intermediary. Journal of Business Economics, 84(3), 375–405. doi:10.1007/s11573-014-0721-9.

Koskosas, I., & Koskosa, M. M. (2011). Internet banking security management through trust management. World Computer Science and Information Technology Journal (WCSIT), 1(3), 79-87.

Livshits, B. (2006). Improving software security with precise static and runtime analysis. Ph.D. Thesis, Stanford University, Stanford, United States.

Ramollari, E. (2013) Automated Runtime Testing of Web Services. Ph.D. Thesis, University of Sheffield, Sheffield, United Kingdom.

Mahmood, R. (2015). An evolutionary approach for system testing of android applications. Ph.D. Thesis, George Mason University, Fairfax, United States.

Alshahwan, N; (2012) Utilizing Output in Web Application Server-Side Testing. Ph.D. Thesis, University College London (UCL), London, United Kingdom.

Stol, K. J., & Fitzgerald, B. (2014). Two's company, three's a crowd: a case study of crowdsourcing software development. Proceedings of the 36th International Conference on Software Engineering. doi:10.1145/2568225.2568249.

Hanssen, G. K. (2012). A longitudinal case study of an emerging software ecosystem: Implications for practice and theory. Journal of Systems and Software, 85(7), 1455–1466. doi:10.1016/j.jss.2011.04.020.

Da Silva, I. F., Da Mota Silveira Neto, P. A., O’Leary, P., De Almeida, E. S., & Meira, S. R. D. L. (2014). Software product line scoping and requirements engineering in a small and medium-sized enterprise: An industrial case study. Journal of Systems and Software, 88(1), 189–206. doi:10.1016/j.jss.2013.10.040.

Sánchez, A. B., Segura, S., Parejo, J. A., & Ruiz-Cortés, A. (2017). Variability testing in the wild: the Drupal case study. Software and Systems Modeling, 16(1), 173–194. doi:10.1007/s10270-015-0459-z.

Zhou, Y. (2015). Improving Security and Privacy of Integrated Web Applications. Ph.D. Thesis, University of Virginia, Charlottesville, United States.

Hanna, Aiman (2012) A Hybrid Framework for the Systematic Detection of Software Security Vulnerabilities in Source Code. PhD Thesis, Concordia University, Montreal, Canada.

Pan, S. (2014). Cybersecurity testing and intrusion detection for cyber-physical power systems. Ph.D. Thesis, Mississippi State University, Starkville, United States.

Doupé, A. L. (2014). Advanced automated web application vulnerability analysis. Ph.D. Thesis, University of California, Oakland, United States.

Lutz, B. (2013). Rey: An intensive single case study of a probation youth with immigrant background participating in wraparound Santa Cruz. PhD Thesis, The Chicago School of Professional Psychology, Chicago, United States.

Ro, E. (2013). A case study of extensive reading with an unmotivated L2 reader. Reading in a Foreign Language, 25(2), 213-233.

Bonilla, P. (2015). Is our food safe? An Assessment: on the European Union food safety policy, concerning the safety of meat & animal-derived food products in the EU, Master Thesis, University of Twente, Enschede, Netherlands.

Bastian, H., Glasziou, P., & Chalmers, I. (2010). Seventy-five trials and eleven systematic reviews a day: How will we ever keep up? PLoS Medicine, 7(9), 1000326. doi:10.1371/journal.pmed.1000326.

Sana, M. U., & Li, Z. (2021). Efficiency aware scheduling techniques in cloud computing: A descriptive literature review. PeerJ Computer Science, 7, 1–37. doi:10.7717/PEERJ-CS.509.

Ali, O., Shrestha, A., Jaradat, A., & Al-Ahmad, A. (2022). An Evaluation of Key Adoption Factors towards Using the Fog Technology. Big Data and Cognitive Computing, 6(3), 81. doi:10.3390/bdcc6030081.

Alzoubi, Y. I., Al-Ahmad, A., Kahtan, H., & Jaradat, A. (2022). Internet of Things and Blockchain Integration: Security, Privacy, Technical, and Design Challenges. Future Internet, 14(7), 216. doi:10.3390/fi14070216.

AlAhmad, A. S., Kahtan, H., Alzoubi, Y. I., Ali, O., & Jaradat, A. (2021). Mobile cloud computing models security issues: A systematic review. Journal of Network and Computer Applications, 190, 103152. doi:10.1016/j.jnca.2021.103152.

Alzoubi, Y. I., Gill, A. Q., & Al-Ani, A. (2016). Empirical studies of geographically distributed agile development communication challenges: A systematic review. Information and Management, 53(1), 22–37. doi:10.1016/j.im.2015.08.003.

Evans, D. (2003). Hierarchy of evidence: A framework for ranking evidence evaluating healthcare interventions. Journal of Clinical Nursing, 12(1), 77–84. doi:10.1046/j.1365-2702.2003.00662.x.

Kahtan, H., Bakar, N. A., & Nordin, R. (2012, October). Reviewing the challenges of security features in component based software development models. 2012 IEEE Symposium on E-Learning, E-Management and E-Services, Kuala Lumpur, Malaysia. doi:10.1109/IS3e.2012.6414955.

Kahtan, H., Bakar, N. A., & Nordin, R. (2014). Dependability attributes for increased security in component-based software development. Journal of Computer Science, 10(8), 1298–1306. doi:10.3844/jcssp.2014.1298.1306.

Kahtan, H., Bakar, N. A., & Nordin, R. (2014). Awareness of embedding security features into component-based software development model: A survey. Journal of Computer Science, 10(8), 1411–1417. doi:10.3844/jcssp.2014.1411.1417.

Kahtan, H., Bakar, N. A., & Nordin, R. (2014). Embedding Dependability Attributes into Component-Based Software Development Using the Best Practice Method: A Guideline. Journal of Applied Security Research, 9(3), 348–371. doi:10.1080/19361610.2014.913230.

Keele, S. M., & Bell, R. C. (2008). The factorial validity of emotional intelligence: An unresolved issue. Personality and Individual Differences, 44(2), 487-500. doi:10.1016/j.paid.2007.09.013.

Al-Ahmad, A. S., & Kahtan, H. (2018). Cloud Computing Review: Features and Issues. 2018 International Conference on Smart Computing and Electronic Enterprise, ICSCEE 2018. doi:10.1109/ICSCEE.2018.8538387.

Rajak, A. A. (2022). Emerging technological methods for effective farming by cloud computing and IoT. Emerg. Sci. J., 6(5), 1017-1031. doi:10.28991/ESJ-2022-06-05-07.

McLean, R. S., Antony, J., & Dahlgaard, J. J. (2017). Failure of Continuous Improvement initiatives in manufacturing environments: a systematic review of the evidence. Total Quality Management and Business Excellence, 28(3–4), 219–237. doi:10.1080/14783363.2015.1063414.

Golder, S., Loke, Y. K., & Zorzela, L. (2014). Comparison of search strategies in systematic reviews of adverse effects to other systematic reviews. Health Information & Libraries Journal, 31(2), 92–105. doi:10.1111/hir.12041.

Pucher, K. K., Boot, N. M. W. M., & De Vries, N. K. (2013). Systematic review: School health promotion interventions targeting physical activity and nutrition can improve academic performance in primary‐and middle school children. Health Education, 113(5), 372-391. doi:10.1108/HE-02-2012-0013.

Hu, Y., & Bai, G. A systematic literature review of cloud computing in eHealth. arXiv preprint, arXiv:1412.2494. doi:10.48550/arXiv.1412.2494.

Mainka, C., Somorovsky, J., & Schwenk, J. (2012, June). Penetration testing tool for web services security. 2012 IEEE Eighth World Congress on Services. doi:10.1109/SERVICES.2012.7.

Xing, B., Gao, L., Zhang, J., & Sun, D. (2010, October). Design and implementation of an XML-based penetration testing system. 2010 International Symposium on Intelligence Information Processing and Trusted Computing. doi:10.1109/IPTC.2010.109.

Deptula, K. (2013). Automation of cyber penetration testing using the detect, identify, predict, react intelligence automation model. Master Thesis, Naval Postgraduate School Monterey, Monterey, United States.

Halfond, W. G., Choudhary, S. R., & Orso, A. (2009, April). Penetration testing with improved input vector identification. 2009 International Conference on Software Testing Verification and Validation. doi:10.1109/ICST.2009.26.

Jones, G. (2013). Penetrating the cloud. Network Security, 2013(2), 5–7. doi:10.1016/S1353-4858(13)70028-X.

Byeong-Ho, K. A. N. G. (2008). About Effective Penetration Testing Methodology. Journal of Security Engineering, 5(5), 425-432. (In Korean).

LaBarge, R., & McGuire, T. (2013). Cloud penetration testing. arXiv preprint, arXiv:1301.1912. doi:10.5121/ijccsa.2012.2604.

Halfond, W. G. J., Choudhary, S. R., & Orso, A. (2011). Improving penetration testing through static and dynamic analysis. Software Testing Verification and Reliability, 21(3), 195–214. doi:10.1002/stvr.450.

Baškarada, S. (2014). Qualitative case studies guidelines. The Qualitative Report, 19(40), 1-25.

Hemmati, H., Briand, L., Arcuri, A., & Ali, S. (2010). An enhanced test case selection approach for model-based testing: an industrial case study. Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering. doi:10.1145/1882291.1882331.

Yin, R. K. (2011). Applications of case study research. SAGE, London, United Kingdom.

Shelke, A., & Mehendale, N. (2023). A CNN-based android application for plant leaf classification at remote locations. Neural Computing and Applications, 35(3), 2601-2607. doi:10.1007/s00521-022-07740-1.

Li Li, R., Abendroth, D., Lin, X., Guo, Y., Baek, H. W., Eide, E., ... & Van der Merwe, J. (2015). Potassium: penetration testing as a service. Proceedings of the sixth ACM symposium on cloud computing. doi:10.1145/2806777.2806935.

Cheah, M., Shaikh, S. A., Bryans, J., & Wooderson, P. (2018). Building an automotive security assurance case using systematic security evaluations. Computers and Security, 77, 360–379. doi:10.1016/j.cose.2018.04.008.

Kamara, S., Fahmy, S., Schultz, E., Kerschbaum, F., & Frantzen, M. (2003). Analysis of vulnerabilities in internet firewalls. Computers & Security, 22(3), 214–232. doi:10.1016/S0167-4048(03)00310-9.

Goseva-Popstojanova, K., & Perhinschi, A. (2015). On the capability of static code analysis to detect security vulnerabilities. Information and Software Technology, 68, 18–33. doi:10.1016/j.infsof.2015.08.002.

Al-Azzani, S., Al-Natour, A., & Bahsoon, R. (2014). Architecture-centric testing for security: An agile perspective. Agile Software Architecture. Morgan Kaufmann, Burlington, United States. doi:10.1016/C2012-0-01208-2.

Mouelhi, T., Le Traon, Y., Abgrall, E., Baudry, B., & Gombault, S. (2011). Tailored shielding and bypass testing of web applications. 2011 Fourth IEEE International Conference on Software Testing, Verification and Validation. doi:10.1109/ICST.2011.56.

Ahmad, A. A.-S., Brereton, P., & Andras, P. (2017). A Systematic Mapping Study of Empirical Studies on Software Cloud Testing Methods. 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). doi:10.1109/qrs-c.2017.94.

Pandey, A., & Mishra, S. (2021). Does the executive perception of the Value of information technology (IT) influence the IT strategy? A case Study. Journal of Information Systems Applied Research, 14(1), 24-35.

Ceric, A., & Holland, P. (2019). The role of cognitive biases in anticipating and responding to cyberattacks. Information Technology & People, 32(1), 171-188. doi:10.1108/ITP-11-2017-0390.

Chung, S., Mueller, S., & Kim, J. Y. (2018). Architecture-Driven Penetration Testing against a Cyber-Physical System. Information Systems Education Journal, 16, 37–44.

Shah, M. P. (2019). Comparative Analysis of the Automated Penetration Testing Tools. Master Thesis, National College of Ireland, Dublin, Ireland.

Kahtan, H., Bakar, N. A., Nordin, R., & Abdulgabber, M. A. (2014). Evaluation dependability attributes of web application using vulnerability assessments tools. Information Technology Journal, 13(14), 2240-2249.

Krein, J. L. (2014). Replication and Knowledge Production in Empirical Software Engineering Research. Ph.D. Thesis, Brigham Young University, Provo, United States.

Livshits, V. B., & Lam, M. S. (2005, August). Finding Security Vulnerabilities in Java Applications with Static Analysis. 14th USENIX Security Symposium, 1-5 August, 2005, Baltimore, United States.

Yohanandhan, R. V., Elavarasan, R. M., Pugazhendhi, R., Premkumar, M., Mihet-Popa, L., Zhao, J., & Terzija, V. (2022). A specialized review on outlook of future Cyber-Physical Power System (CPPS) testbeds for securing electric power grid. International Journal of Electrical Power & Energy Systems, 136, 107720. doi:10.1016/j.ijepes.2021.107720

Hurst, W, Shone, N, El Rhalibi, A, Happe, A, Kotze, B & Duncan, B (2017) Advancing the Micro-CI Testbed for IoT Cyber-Security Research and Education. The Eighth International Conference on Cloud Computing, GRIDs, and Virtualization, 19-23 February, 2017, Athens, Greece.

Bau, J., Bursztein, E., Gupta, D., & Mitchell, J. (2010). State of the Art: Automated Black-Box Web Application Vulnerability Testing. 2010 IEEE Symposium on Security and Privacy. doi:10.1109/sp.2010.27.

Khoury, N., Zavarsky, P., Lindskog, D., & Ruhl, R. (2011). An Analysis of Black-Box Web Application Security Scanners against Stored SQL Injection. 2011 IEEE Third Int’l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int’l Conference on Social Computing. doi:10.1109/passat/socialcom.2011.199.

Mannino, J. (2012). OWASP Goatdroid project. GitHub, Inc. Available online: https://github.com/nvisium-jack-mannino/OWASP-GoatDroid-Project (accessed on April 2023).

Bures, M., Herout, P., & Ahmed, B. S. (2020). Open-source Defect Injection Benchmark Testbed for the Evaluation of Testing. 2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST), Porto, Portugal. doi:10.1109/icst46399.2020.00059.

Lindvall, M., Rus, I., Shull, F., Zelkowitz, M., Donzelli, P., Memon, A., Basili, V., Costa, P., Tvedt, R., Hochstein, L., Asgari, S., Ackermann, C., & Pech, D. (2005). An evolutionary testbed for software technology evaluation. Innovations in Systems and Software Engineering, 1(1), 3–11. doi:10.1007/s11334-005-0007-z.

Ridene, Y., & Barbier, F. (2011). A model-driven approach for automating mobile applications testing. Proceedings of the 5th European Conference on Software Architecture: Companion Volume. doi:10.1145/2031759.2031770.

Cadar, C., Godefroid, P., Khurshid, S., Păsăreanu, C. S., Sen, K., Tillmann, N., & Visser, W. (2011). Symbolic execution for software testing in practice. Proceedings of the 33rd International Conference on Software Engineering, 1066–1071. doi:10.1145/1985793.1985995.

Yuhong Cai, Grundy, J., & Hosking, J. (2004). Experiences integrating and scaling a performance test bed generator with an open source CASE tool. Proceedings. 19th International Conference on Automated Software Engineering, 2004. doi:10.1109/ase.2004.1342722.

Hooda, I., & Singh Chhillar, R. (2015). Software Test Process, Testing Types and Techniques. International Journal of Computer Applications, 111(13), 10–14. doi:10.5120/19597-1433.

D’Angelo, G., Ficco, M., & Palmieri, F. (2020). Malware detection in mobile environments based on Auto encoders and API-images. Journal of Parallel and Distributed Computing, 137, 26–33. doi:10.1016/j.jpdc.2019.11.001.

Al Nasseri, H. M. (2019). Detecting cloud virtual network isolation security for data leakage. Ph.D. Thesis, University of St Andrews, St Andrews, United Kingdom.

Valdi, A., Lever, E., Benefico, S., Quarta, D., Zanero, S., & Maggi, F. (2015). Scalable Testing of Mobile Antivirus Applications. Computer, 48(11), 60–68. doi:10.1109/MC.2015.320.

Schwarz, K., Schwarz, F., & Creutzburg, R. (2020). Conception and implementation of professional laboratory exercises in the field of open source intelligence (OSINT). Electronic Imaging, 32(3), 278-1-278–10. doi10.2352/issn.2470-1173.2020.3.mobmu-278.

Holibaugh, R., Perry, J. M., & Sun, L. A. (1988). Phase I Testbed Description: Requirements and Selection Guifdelines. Software Engineering Institute, Carnegie Mellon University, Pittsburgh, United States.

Wermelinger, M., Yu, Y., Lozano, A., & Capiluppi, A. (2011). Assessing architectural evolution: A case study. Empirical Software Engineering, 16(5), 623–666. doi:10.1007/s10664-011-9164-x.

Full Text: PDF

DOI: 10.28991/ESJ-2023-07-03-025


  • There are currently no refbacks.

Copyright (c) 2023 Ahmad Alahmad, Hasan Kahtan, Yehia Alzoubi