Automatic Model Inference of Web Applications for Security Testing

被引：4

作者：

Hossen, Karim ^{[1
]}

Groz, Roland ^{[1
]}

Oriat, Catherine ^{[1
]}

Richier, Jean-Luc ^{[1
]}

机构：

[1] Univ Grenoble, Grenoble, France

来源：

2014 SEVENTH IEEE INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION WORKSHOPS (ICSTW 2014) | 2014年

关键词：

Control Flow Inference; Data-Flow Inference; Security; Web Application; Reverse-Engineering;

D O I：

10.1109/ICSTW.2014.47

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

In the Internet of services (IoS), web applications are the most common way to provide resources to the users. The complexity of these applications grew up with the number of different development techniques and technologies used. Model-based testing (MBT) has proved its efficiency in software testing but retrieving the corresponding model of an application is still a complex task. In this paper, we propose an automatic and vulnerability-driven model inference approach to model the relevant aspects of a web applications by combining deep web crawling and model inference based on input sequences.

引用

页码：22 / 23

页数：2

共 50 条

[1] Idea: Automatic Security Testing for Web Applications
Dao, Thanh-Binh
Shibayama, Etsuya
[J]. ENGINEERING SECURE SOFTWARE AND SYSTEMS, PROCEEDINGS, 2009, 5429 : 180 - +
[2] Coverage Criteria for Automatic Security Testing of Web Applications
Dao, Thanh Binh
Shibayama, Etsuya
[J]. INFORMATION SYSTEMS SECURITY, 2010, 6503 : 111 - +
[3] Dual Security Testing Model for Web Applications
Garima, Singh
Manju, Kaushik
[J]. INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2016, 7 (02) : 185 - 191
[4] Automatic generation of test drivers for model inference of web applications
Hossen, Karim
Groz, Roland
Oriat, Catherine
Richier, Jean-Luc
[J]. IEEE SIXTH INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION WORKSHOPS (ICSTW 2013), 2013, : 441 - 444
[5] Security Sensitive Data Flow Coverage Criterion for Automatic Security Testing of Web Applications
Dao, Thanh Binh
Shibayama, Etsuya
[J]. ENGINEERING SECURE SOFTWARE AND SYSTEMS, 2011, 6542 : 101 - +
[6] Security Testing Framework for Web Applications
Alrawais, Layla Mohammed
Alenezi, Mamdouh
Akour, Mohammad
[J]. INTERNATIONAL JOURNAL OF SOFTWARE INNOVATION, 2018, 6 (03) : 93 - 117
[7] MobSTer: A model-based security testing framework for web applications
Peroli, Michele
De Meo, Federico
Vigano, Luca
Guardini, Davide
[J]. SOFTWARE TESTING VERIFICATION & RELIABILITY, 2018, 28 (08):
[8] Vulnerability Model-based Web Applications Security Testing Approach
He Cheng
Liu Yanfei
[J]. ADVANCES IN MECHATRONICS AND CONTROL ENGINEERING III, 2014, 678 : 468 - 472
[9] Model Inference and Security Testing in the SPaCIoS Project
Buechler, Matthias
Hossen, Karim
Mihancea, Petru Florin
Minea, Marius
Groz, Roland
Oriat, Catherine
[J]. 2014 SOFTWARE EVOLUTION WEEK - IEEE CONFERENCE ON SOFTWARE MAINTENANCE, REENGINEERING, AND REVERSE ENGINEERING (CSMR-WCRE), 2014, : 411 - +
[10] Security Testing of Web Applications: A Research Plan
Avancini, Andrea
[J]. 2012 34TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE), 2012, : 1491 - 1494

← 1 2 3 4 5 →