Pattern based Web Security Testing

Cited by: 0
Authors
Araujo, Paulo J. M. [1]
Paiva, Ana C. R. [1,2]
Affiliations
[1] Univ Porto, Fac Engn, Rua Dr Roberto Frias S-N, P-4200465 Porto, Portugal
[2] INESC TEC, Rua Dr Roberto Frias S-N, P-4200465 Porto, Portugal
Keywords
Security Testing; Pattern based Testing; Pattern based Security Testing; Security Web Testing;
DOI
10.5220/0006606504720479
CLC classification
TP31 [Computer software];
Discipline codes
081202; 0835;
Abstract
This paper presents a Pattern Based Testing approach for testing security aspects of applications under test (AUT). It describes the two security patterns that are the focus of this work ("Account Lockout" and "Authentication Enforcer") and the test strategies implemented to check whether an application is vulnerable with respect to these patterns. The PBST (Pattern Based Security Testing) approach has two phases: exploration (to identify the web pages of the application under test) and testing (to execute the test strategies developed in order to detect vulnerabilities). An experiment is presented to validate the approach on five public web applications. Its goal is to assess the behavior of the tool when varying the upper limit of pages to visit and to assess its capacity to find real vulnerabilities. The results are promising: it was possible to confirm that the vulnerabilities detected corresponded to real security problems.
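The two phases the abstract describes, as an added example that is not the paper's tool: a toy in-memory application under test (constructed here, with an assumed lockout threshold of three failures) is first explored with a page cap, and then checked against the two patterns, Account Lockout and Authentication Enforcer. The crawl cap shows why the page limit affects what the testing phase can find.

```python
from collections import deque
from dataclasses import dataclass, field

LOCKOUT_THRESHOLD = 3  # assumed lockout policy of the toy AUT (not from the paper)

@dataclass
class ToyAUT:
    """Toy stand-in for an application under test (constructed here; not a real site)."""
    enforce_lockout: bool = True   # set False to simulate an AUT that violates the pattern
    enforce_auth: bool = True      # set False to simulate unprotected admin pages
    links: dict = field(default_factory=lambda: {"/": ["/login", "/about"],
        "/login": ["/"], "/about": ["/admin", "/help"], "/admin": ["/admin/users"]})
    protected: set = field(default_factory=lambda: {"/admin", "/admin/users"})
    users: dict = field(default_factory=lambda: {"alice": "correct-horse"})
    failures: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)
    def login(self, user, password):
        """Return True on success; lock the account after LOCKOUT_THRESHOLD failures."""
        if user in self.locked:
            return False
        if self.users.get(user) == password:
            self.failures[user] = 0
            return True
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.enforce_lockout and self.failures[user] >= LOCKOUT_THRESHOLD:
            self.locked.add(user)
        return False
    def get(self, path, session=None):
        """HTTP-like status: protected pages redirect (302) anonymous requests."""
        if path in self.protected and self.enforce_auth and session is None:
            return 302
        return 200

def explore(aut, max_pages):
    """Exploration phase: breadth-first crawl from '/' capped at max_pages distinct pages."""
    seen, queue = [], deque(["/"])
    while queue and len(seen) < max_pages:
        page = queue.popleft()
        if page not in seen:
            seen.append(page)
            queue.extend(aut.links.get(page, []))
    return seen

def check_account_lockout(aut, user="alice", good="correct-horse", bad="wrong"):
    """Account Lockout test: vulnerable if the right password still works after the threshold."""
    for _ in range(LOCKOUT_THRESHOLD):
        aut.login(user, bad)
    return aut.login(user, good)  # True means the pattern is NOT enforced

def check_authentication_enforcer(aut, pages):
    """Authentication Enforcer test: explored protected pages served (200) without a session."""
    return [p for p in pages if p in aut.protected and aut.get(p) == 200]
```

With a page cap of 3 the crawl never reaches /admin, so an unprotected admin page goes undetected even though it exists; raising the cap exposes it.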
Pages: 472 / 479
Page count: 8