Abstract
Web applications are deployed on machines around the globe and offer almost universal accessibility. These applications assure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements is data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements often result in security leaks that malicious users eventually exploit. In this context, the application of different testing methods is of utmost importance in order to detect software defects during development and to prevent unauthorized access in advance. In this paper, we contribute to test automation for web applications. In particular, we focus on using planning for testing, where we introduce underlying models covering attacks and their use in testing of web applications. The planning model offers a high degree of extendibility and configurability and also overcomes limits of traditional graphical representations. New testing possibilities emerge that eventually lead to better vulnerability detection, therefore ensuring more secure web services and applications.
Publisher
Springer Science and Business Media LLC
Subject
Safety, Risk, Reliability and Quality, Software
Reference
44 articles.
Cited by
14 articles.