Security Testing Based on Attack Patterns

Cited by: 15
Authors
Bozic, Josip [1]
Wotawa, Franz [1]
Affiliations
[1] Graz Univ Technol, Inst Software Technol, A-8010 Graz, Austria
Keywords
Attack pattern; UML state machine; SQL injection; cross-site scripting; model-based testing; security testing;
DOI
10.1109/ICSTW.2014.58
CLC classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
Testing for security-related issues is an important task of growing interest due to the vast number of applications and services available over the internet. In practice, security testing is often performed manually, with the consequences of higher costs and no integration of security testing into today's agile software development processes. In order to bring security testing into practice, many different approaches have been suggested, including fuzz testing and model-based testing. Most of these approaches rely on models of the system or the application domain. In this paper we suggest formalizing attack patterns from which test cases can be generated and even executed automatically. Hence, testing for known attacks can be easily integrated into software development processes where automated testing, e.g., for daily builds, is a requirement. The approach makes use of UML state charts. Besides discussing the approach, we illustrate it using a case study.
Pages: 4 / 11
Page count: 8