Planning-based security testing of web applications with attack grammars

Josip Bozic*, Franz Wotawa

*Corresponding author for this work

Publication: Contribution to journal › Article › Peer-reviewed

Abstract

Web applications are deployed on machines around the globe and offer almost universal accessibility. These applications assure functional interconnectivity between different components on a 24/7 basis. Among the most important requirements are data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements often result in security leaks that malicious users eventually exploit. In this context, the application of different testing methods is of utmost importance in order to detect software defects during development and to prevent unauthorized access in advance. In this paper, we contribute to test automation for web applications. In particular, we focus on using planning for testing, where we introduce underlying models covering attacks and their use in testing of web applications. The planning model offers a high degree of extendibility and configurability and also overcomes limits of traditional graphical representations. New testing possibilities emerge that eventually lead to better vulnerability detection, therefore ensuring more secure web services and applications.
Original language: English
Pages (from - to): 307-334
Number of pages: 28
Journal: Software Quality Journal
Volume: 28
Issue number: 1
DOIs
Publication status: Published - 9 March 2020

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality
