Planning-based security testing of web applications

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

Abstract

Web applications are deployed on machines around the globe and offer almost universal accessibility. The systems ensure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements represents data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements can result in security leaks that can be eventually exploited by a malicious user. Here different testing methods are applied in order to detect software defects and prevent unauthorized access in advance. Automated planning and scheduling provides the possibility to specify a specific problem and to generate plans, which in turn guide the execution of a program. In this paper, a planning-based approach is introduced for modeling and testing of web applications. The specification offers a high degree of extendibility and configurability but overcomes the limits of traditional graphical representations as well. In this way, new testing possibilities emerge that eventually lead to better vulnerability detection, thereby ensuring more secure services.

Originalspracheenglisch
TitelProceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018
Herausgeber (Verlag)IEEE Computer Society, 1998
Seiten20-26
Seitenumfang7
ISBN (elektronisch)9781450357432
DOIs
PublikationsstatusVeröffentlicht - 28 Mai 2018
Veranstaltung13th ACM/IEEE International Workshop on Automation of Software Test, AST 2018 - Gothenburg, Schweden
Dauer: 28 Mai 201829 Mai 2018

Konferenz

Konferenz13th ACM/IEEE International Workshop on Automation of Software Test, AST 2018
LandSchweden
OrtGothenburg
Zeitraum28/05/1829/05/18

Fingerprint

Planning
Testing
Defects
Authentication
Scheduling
Specifications

Schlagwörter

    ASJC Scopus subject areas

    • Software

    Dies zitieren

    Bozic, J., & Wotawa, F. (2018). Planning-based security testing of web applications. in Proceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018 (S. 20-26). IEEE Computer Society, 1998. https://doi.org/10.1145/3194733.3194738

    Planning-based security testing of web applications. / Bozic, Josip; Wotawa, Franz.

    Proceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018. IEEE Computer Society, 1998, 2018. S. 20-26.

    Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

    Bozic, J & Wotawa, F 2018, Planning-based security testing of web applications. in Proceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018. IEEE Computer Society, 1998, S. 20-26, Gothenburg, Schweden, 28/05/18. https://doi.org/10.1145/3194733.3194738
    Bozic J, Wotawa F. Planning-based security testing of web applications. in Proceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018. IEEE Computer Society, 1998. 2018. S. 20-26 https://doi.org/10.1145/3194733.3194738
    Bozic, Josip ; Wotawa, Franz. / Planning-based security testing of web applications. Proceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018. IEEE Computer Society, 1998, 2018. S. 20-26
    @inproceedings{64c78236ac4d4b918fef55c7da80ca37,
    title = "Planning-based security testing of web applications",
    abstract = "Web applications are deployed on machines around the globe and offer almost universal accessibility. The systems ensure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements represents data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements can result in security leaks that can be eventually exploited by a malicious user. Here different testing methods are applied in order to detect software defects and prevent unauthorized access in advance. Automated planning and scheduling provides the possibility to specify a specific problem and to generate plans, which in turn guide the execution of a program. In this paper, a planning-based approach is introduced for modeling and testing of web applications. The specification offers a high degree of extendibility and configurability but overcomes the limits of traditional graphical representations as well. In this way, new testing possibilities emerge that eventually lead to better vulnerability detection, thereby ensuring more secure services.",
    keywords = "model-based testing, planning, security testing, web applications",
    author = "Josip Bozic and Franz Wotawa",
    year = "2018",
    month = "5",
    day = "28",
    doi = "10.1145/3194733.3194738",
    language = "English",
    pages = "20--26",
    booktitle = "Proceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018",
    publisher = "IEEE Computer Society, 1998",

    }

    TY - GEN

    T1 - Planning-based security testing of web applications

    AU - Bozic, Josip

    AU - Wotawa, Franz

    PY - 2018/5/28

    Y1 - 2018/5/28

    N2 - Web applications are deployed on machines around the globe and offer almost universal accessibility. The systems ensure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements represents data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements can result in security leaks that can be eventually exploited by a malicious user. Here different testing methods are applied in order to detect software defects and prevent unauthorized access in advance. Automated planning and scheduling provides the possibility to specify a specific problem and to generate plans, which in turn guide the execution of a program. In this paper, a planning-based approach is introduced for modeling and testing of web applications. The specification offers a high degree of extendibility and configurability but overcomes the limits of traditional graphical representations as well. In this way, new testing possibilities emerge that eventually lead to better vulnerability detection, thereby ensuring more secure services.

    AB - Web applications are deployed on machines around the globe and offer almost universal accessibility. The systems ensure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements represents data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements can result in security leaks that can be eventually exploited by a malicious user. Here different testing methods are applied in order to detect software defects and prevent unauthorized access in advance. Automated planning and scheduling provides the possibility to specify a specific problem and to generate plans, which in turn guide the execution of a program. In this paper, a planning-based approach is introduced for modeling and testing of web applications. The specification offers a high degree of extendibility and configurability but overcomes the limits of traditional graphical representations as well. In this way, new testing possibilities emerge that eventually lead to better vulnerability detection, thereby ensuring more secure services.

    KW - model-based testing

    KW - planning

    KW - security testing

    KW - web applications

    UR - http://www.scopus.com/inward/record.url?scp=85051213185&partnerID=8YFLogxK

    U2 - 10.1145/3194733.3194738

    DO - 10.1145/3194733.3194738

    M3 - Conference contribution

    SP - 20

    EP - 26

    BT - Proceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018

    PB - IEEE Computer Society, 1998

    ER -