Overview on Case Study Penetration Testing Models Evaluation

Ahmad S. Al-Ahmad*, Hasan Kahtan, Yehia I. Alzoubi

*Corresponding author for this work

Research output: Contribution to journalReview articlepeer-review

2 Citations (Scopus)

Abstract

Model evaluation is a cornerstone of scientific research as it represents the findings' accuracy and model performance. A case study is commonly used in evaluating software engineering models. Due to criticism in terms of generalization from a single case study and testers, deciding on the number of case studies used for evaluation and the number of testers has been one of the researchers’ challenges. Multiple case studies with multiple testers can be difficult in some domains, such as penetration testing, due to the complexity and time needed to prepare test cases. This study aims to review the literature and examine the evaluation methods used pertaining to the number of case studies and testers involved. This study is beneficial for researchers, students, and penetration testers as it provides case study design steps that are useful to determine the appropriate number of test cases and testers required. The paper's findings and novelty highlight that a single case study with a single tester is enough to evaluate a model. It also strikes a balance between what is enough for the evaluation and the need to reduce criticisms of a single case study by using two case studies with a single tester.

Original languageEnglish
Pages (from-to)1019-1036
Number of pages18
JournalEmerging Science Journal
Volume7
Issue number3
DOIs
Publication statusPublished - 14 May 2023

Keywords

  • Case Study
  • Model Evaluation
  • Penetration Testing
  • Software Engineering
  • Tester

Cite this