A Threat Model-Driven Security Testing Approach for Web Application

Cited by: 0
Authors
Yan, Bobo [1]
Li, Xiaohong [1]
Du, Zhijie [1]
Affiliations
[1] TianJin Univ Tianjin, Tianjin Univ, Coll Software, Tianjin, Peoples R China
Keywords
Web application; Security testing; Threat Modeling; Attack pattern;
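DOI
Not available
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract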
Web applications have been playing a more and more essential role in daily life; hence, the problem of security is gaining more focus, and consequently a great deal of research on web application security testing has been developed. Most of it, however, has concentrated on the testing procedure arranged after the completion of the implementation process. In this paper, we propose a threat model-driven security testing approach for detecting threats, which consists of four activities: building a threat tree, according to the attack pattern, against the threats web applications may confront; deriving a security testing sequence from the threat model; deriving security testing data from UML sequence diagram parameters for extracting test inputs; generating executable security test cases. Also, we propose an algorithm for generating security testing sequences and conduct an empirical study to show the feasibility and effectiveness of our approach.
Pages: 158 / 168
Page count: 11
Related papers
50 in total
  • [31] Model-Driven Security Policy Deployment: Property Oriented Approach
    Preda, Stere
    Cuppens-Boulahia, Nora
    Cuppens, Frederic
    Garcia-Alfaro, Joaquin
    Toutain, Laurent
    [J]. ENGINEERING SECURE SOFTWARE AND SYSTEMS, PROCEEDINGS, 2010, 5965 : 123 - 139
  • [32] A model-driven approach to develop high performance web applications
    Herrero Agustin, Jose Luis
    del Barco, Pablo Carmona
    [J]. JOURNAL OF SYSTEMS AND SOFTWARE, 2013, 86 (12) : 3013 - 3023
  • [33] CONNECTING BUSINESS AND IT - A MODEL-DRIVEN WEB SERVICE BASED APPROACH
    Juhrisch, Martin
    Weller, Jens
    [J]. 12TH PACIFIC ASIA CONFERENCE ON INFORMATION SYSTEMS (PACIS 2008), 2008, : 1469 - +
  • [34] A model-driven approach for designing distributed web information systems
    Vdovjak, R
    Houben, GJ
    [J]. WEB ENGINEERING, PROCEEDINGS, 2005, 3579 : 453 - 464
  • [35] Towards a contextual model-driven development approach for Web services
    Maamar, Zakaria
    Baina, Karim
    Benslimane, Djamal
    Narendra, Nanjangud C.
    Chelbabi, Mehdi
    [J]. ICEIS 2006: PROCEEDINGS OF THE EIGHTH INTERNATIONAL CONFERENCE ON ENTERPRISE INFORMATION SYSTEMS: INFORMATION SYSTEMS ANALYSIS AND SPECIFICATION, 2006, : 78 - +
  • [36] Towards improving the navigability of web applications: a model-driven approach
    Castro, Cristina Cachero
    Melia, Santiago
    Genero, Marcela
    Poels, Geert
    Calero, Coral
    [J]. EUROPEAN JOURNAL OF INFORMATION SYSTEMS, 2007, 16 (04) : 420 - 447
  • [37] A Model-driven Approach for Designing Adaptive Web GIS Interfaces
    Angelaccio, M.
    Krek, A.
    D'Ambrogio, A.
    [J]. INFORMATION FUSION AND GEOGRAPHIC INFORMATION SYSTEMS, PROCEEDINGS, 2009, : 137 - 148
  • [38] Applying Model-Driven Web Engineering to the Testing Phase of the ADAGIO Project
    Morales, L.
    Moreno-Leonardo, S.
    Olivero, M. A.
    Jimenez-Ramirez, A.
    Mejias, M.
    [J]. CURRENT TRENDS IN WEB ENGINEERING (ICWE 2018), 2018, 11153 : 14 - 21
  • [39] Research Into the Security Threat of Web Application
    Zhang, Yanling
    Zhang, Ting
    [J]. JOURNAL OF WEB ENGINEERING, 2022, 21 (05) : 1707 - 1726
  • [40] Abstracting Security-Critical Applications for Model Checking in a Model-Driven Approach
    Borek, Marian
    Stenzel, Kurt
    Katkalov, Kuzman
    Reif, Wolfgang
    [J]. PROCEEDINGS OF 2015 6TH IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING AND SERVICE SCIENCE, 2015, : 11 - 14