Planning-based security testing of web applications

Josip Bozic, Franz Wotawa

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Web applications are deployed on machines around the globe and offer almost universal accessibility. The systems ensure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements represents data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements can result in security leaks that can be eventually exploited by a malicious user. Here different testing methods are applied in order to detect software defects and prevent unauthorized access in advance. Automated planning and scheduling provides the possibility to specify a specific problem and to generate plans, which in turn guide the execution of a program. In this paper, a planning-based approach is introduced for modeling and testing of web applications. The specification offers a high degree of extendibility and configurability but overcomes the limits of traditional graphical representations as well. In this way, new testing possibilities emerge that eventually lead to better vulnerability detection, thereby ensuring more secure services.

Original languageEnglish
Title of host publicationProceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018
PublisherIEEE Computer Society, 1998
Pages20-26
Number of pages7
ISBN (Electronic)9781450357432
DOIs
Publication statusPublished - 28 May 2018
Event13th ACM/IEEE International Workshop on Automation of Software Test, AST 2018 - Gothenburg, Sweden
Duration: 28 May 201829 May 2018

Conference

Conference13th ACM/IEEE International Workshop on Automation of Software Test, AST 2018
CountrySweden
CityGothenburg
Period28/05/1829/05/18

Keywords

  • model-based testing
  • planning
  • security testing
  • web applications

ASJC Scopus subject areas

  • Software

Fingerprint Dive into the research topics of 'Planning-based security testing of web applications'. Together they form a unique fingerprint.

Cite this