Planning-based security testing of web applications

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Abstract

Web applications are deployed on machines around the globe and offer almost universal accessibility. The systems ensure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements represents data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements can result in security leaks that can be eventually exploited by a malicious user. Here different testing methods are applied in order to detect software defects and prevent unauthorized access in advance. Automated planning and scheduling provides the possibility to specify a specific problem and to generate plans, which in turn guide the execution of a program. In this paper, a planning-based approach is introduced for modeling and testing of web applications. The specification offers a high degree of extendibility and configurability but overcomes the limits of traditional graphical representations as well. In this way, new testing possibilities emerge that eventually lead to better vulnerability detection, thereby ensuring more secure services.

Original languageEnglish
Title of host publicationProceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018
PublisherIEEE Computer Society, 1998
Pages20-26
Number of pages7
ISBN (Electronic)9781450357432
DOIs
Publication statusPublished - 28 May 2018
Event13th ACM/IEEE International Workshop on Automation of Software Test, AST 2018 - Gothenburg, Sweden
Duration: 28 May 201829 May 2018

Conference

Conference13th ACM/IEEE International Workshop on Automation of Software Test, AST 2018
CountrySweden
CityGothenburg
Period28/05/1829/05/18

Fingerprint

Planning
Testing
Defects
Authentication
Scheduling
Specifications

Keywords

  • model-based testing
  • planning
  • security testing
  • web applications

ASJC Scopus subject areas

  • Software

Cite this

Bozic, J., & Wotawa, F. (2018). Planning-based security testing of web applications. In Proceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018 (pp. 20-26). IEEE Computer Society, 1998. https://doi.org/10.1145/3194733.3194738

Planning-based security testing of web applications. / Bozic, Josip; Wotawa, Franz.

Proceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018. IEEE Computer Society, 1998, 2018. p. 20-26.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Bozic, J & Wotawa, F 2018, Planning-based security testing of web applications. in Proceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018. IEEE Computer Society, 1998, pp. 20-26, 13th ACM/IEEE International Workshop on Automation of Software Test, AST 2018, Gothenburg, Sweden, 28/05/18. https://doi.org/10.1145/3194733.3194738
Bozic J, Wotawa F. Planning-based security testing of web applications. In Proceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018. IEEE Computer Society, 1998. 2018. p. 20-26 https://doi.org/10.1145/3194733.3194738
Bozic, Josip ; Wotawa, Franz. / Planning-based security testing of web applications. Proceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018. IEEE Computer Society, 1998, 2018. pp. 20-26
@inproceedings{64c78236ac4d4b918fef55c7da80ca37,
title = "Planning-based security testing of web applications",
abstract = "Web applications are deployed on machines around the globe and offer almost universal accessibility. The systems ensure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements represents data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements can result in security leaks that can be eventually exploited by a malicious user. Here different testing methods are applied in order to detect software defects and prevent unauthorized access in advance. Automated planning and scheduling provides the possibility to specify a specific problem and to generate plans, which in turn guide the execution of a program. In this paper, a planning-based approach is introduced for modeling and testing of web applications. The specification offers a high degree of extendibility and configurability but overcomes the limits of traditional graphical representations as well. In this way, new testing possibilities emerge that eventually lead to better vulnerability detection, thereby ensuring more secure services.",
keywords = "model-based testing, planning, security testing, web applications",
author = "Josip Bozic and Franz Wotawa",
year = "2018",
month = "5",
day = "28",
doi = "10.1145/3194733.3194738",
language = "English",
pages = "20--26",
booktitle = "Proceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018",
publisher = "IEEE Computer Society, 1998",

}

TY - GEN

T1 - Planning-based security testing of web applications

AU - Bozic, Josip

AU - Wotawa, Franz

PY - 2018/5/28

Y1 - 2018/5/28

N2 - Web applications are deployed on machines around the globe and offer almost universal accessibility. The systems ensure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements represents data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements can result in security leaks that can be eventually exploited by a malicious user. Here different testing methods are applied in order to detect software defects and prevent unauthorized access in advance. Automated planning and scheduling provides the possibility to specify a specific problem and to generate plans, which in turn guide the execution of a program. In this paper, a planning-based approach is introduced for modeling and testing of web applications. The specification offers a high degree of extendibility and configurability but overcomes the limits of traditional graphical representations as well. In this way, new testing possibilities emerge that eventually lead to better vulnerability detection, thereby ensuring more secure services.

AB - Web applications are deployed on machines around the globe and offer almost universal accessibility. The systems ensure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements represents data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements can result in security leaks that can be eventually exploited by a malicious user. Here different testing methods are applied in order to detect software defects and prevent unauthorized access in advance. Automated planning and scheduling provides the possibility to specify a specific problem and to generate plans, which in turn guide the execution of a program. In this paper, a planning-based approach is introduced for modeling and testing of web applications. The specification offers a high degree of extendibility and configurability but overcomes the limits of traditional graphical representations as well. In this way, new testing possibilities emerge that eventually lead to better vulnerability detection, thereby ensuring more secure services.

KW - model-based testing

KW - planning

KW - security testing

KW - web applications

UR - http://www.scopus.com/inward/record.url?scp=85051213185&partnerID=8YFLogxK

U2 - 10.1145/3194733.3194738

DO - 10.1145/3194733.3194738

M3 - Conference contribution

SP - 20

EP - 26

BT - Proceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018

PB - IEEE Computer Society, 1998

ER -