Planning-Based Security Testing of Web Applications

2018 IEEE/ACM 13th International Workshop on Automation of Software Test (AST) Pub Date : 2018-05-28 DOI:10.1145/3194733.3194738

Josip Bozic, F. Wotawa

{"title":"Planning-Based Security Testing of Web Applications","authors":"Josip Bozic, F. Wotawa","doi":"10.1145/3194733.3194738","DOIUrl":null,"url":null,"abstract":"Web applications are deployed on machines around the globe and offer almost universal accessibility. The systems ensure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements represents data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements can result in security leaks that can be eventually exploited by a malicious user. Here different testing methods are applied in order to detect software defects and prevent unauthorized access in advance. Automated planning and scheduling provides the possibility to specify a specific problem and to generate plans, which in turn guide the execution of a program. In this paper, a planning-based approach is introduced for modeling and testing of web applications. The specification offers a high degree of extendibility and configurability but overcomes the limits of traditional graphical representations as well. In this way, new testing possibilities emerge that eventually lead to better vulnerability detection, thereby ensuring more secure services.","PeriodicalId":423703,"journal":{"name":"2018 IEEE/ACM 13th International Workshop on Automation of Software Test (AST)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE/ACM 13th International Workshop on Automation of Software Test (AST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3194733.3194738","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

Abstract

Web applications are deployed on machines around the globe and offer almost universal accessibility. The systems ensure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements represents data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements can result in security leaks that can be eventually exploited by a malicious user. Here different testing methods are applied in order to detect software defects and prevent unauthorized access in advance. Automated planning and scheduling provides the possibility to specify a specific problem and to generate plans, which in turn guide the execution of a program. In this paper, a planning-based approach is introduced for modeling and testing of web applications. The specification offers a high degree of extendibility and configurability but overcomes the limits of traditional graphical representations as well. In this way, new testing possibilities emerge that eventually lead to better vulnerability detection, thereby ensuring more secure services.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于计划的Web应用程序安全测试

Web应用程序部署在全球各地的机器上，并提供几乎普遍的可访问性。该系统可确保不同组件之间全天候的功能互联。最重要的需求之一是数据机密性和安全身份验证。然而，实现缺陷和未满足的需求可能导致安全漏洞，最终可能被恶意用户利用。这里采用了不同的测试方法，以便提前检测软件缺陷并防止未经授权的访问。自动计划和调度提供了指定特定问题和生成计划的可能性，这些计划反过来指导程序的执行。本文介绍了一种基于规划的web应用程序建模和测试方法。该规范提供了高度的可扩展性和可配置性，但也克服了传统图形表示的限制。通过这种方式，出现了新的测试可能性，最终导致更好的漏洞检测，从而确保更安全的服务。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2018 IEEE/ACM 13th International Workshop on Automation of Software Test (AST)

自引率

0.00%

发文量