Impact of Security Testing on Software Quality: A Systematic Literature Review

Authors

  • Megah Juliardi Sondara Wicaksana (Teknik Informatika, Sekolah Vokasi, Universitas Logistik dan Bisnis Internasional)
  • Mohamad Nurkamal Fauzan (Teknik Informatika, Sekolah Vokasi, Universitas Logistik dan Bisnis Internasional)

DOI:

https://doi.org/10.37278/sisinfo.v7i2.1335

Keywords:

Security Testing Method, Application Security Testing, Software Quality Metrics, Software Security Metrics, Software Vulnerability Assessment

Abstract

This Systematic Literature Review (SLR) maps the current research landscape on application security testing and assessment. Following the PRISMA framework, the review synthesizes findings from 40 primary studies selected from five scientific databases, covering the period 2010–2025, using rigorous inclusion and exclusion criteria. The study addresses the challenge of choosing the most effective security testing method from the many available options. The main findings highlight three key points. First, application security evaluation uses two categories of metrics: internal code quality metrics as an indirect risk indicator, and specific security metrics (such as CVSS scores) for direct impact assessment. Second, no single method (SAST, DAST, IAST) is considered sufficient on its own; the trend is toward a hybrid approach that combines them to maximize detection coverage. Third, research focuses overwhelmingly on web applications, leaving a significant research gap in mobile and embedded systems. Overall, the review provides a roadmap for practitioners and researchers, emphasizing the urgent need for standardized benchmarks and for expanding research to non-web platforms.

Published

2025-08-27

How to Cite

Wicaksana, M. J. S., & Fauzan, M. N. (2025). Impact of Security Testing on Software Quality: A Systematic Literature Review. SISINFO: Jurnal Sistem Informasi Dan Informatika, 7(2), 186–200. https://doi.org/10.37278/sisinfo.v7i2.1335

Section

Articles