Planning-based security testing of web applications

Josip Bozic, Franz Wotawa

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandBegutachtung

Abstract

Web applications are deployed on machines around the globe and offer almost universal accessibility. The systems ensure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements represents data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements can result in security leaks that can be eventually exploited by a malicious user. Here different testing methods are applied in order to detect software defects and prevent unauthorized access in advance. Automated planning and scheduling provides the possibility to specify a specific problem and to generate plans, which in turn guide the execution of a program. In this paper, a planning-based approach is introduced for modeling and testing of web applications. The specification offers a high degree of extendibility and configurability but overcomes the limits of traditional graphical representations as well. In this way, new testing possibilities emerge that eventually lead to better vulnerability detection, thereby ensuring more secure services.

Originalspracheenglisch
TitelProceedings 2018 ACM/IEEE 13th International Workshop on Automation of Software Test, AST 2018
Herausgeber (Verlag)IEEE Computer Society, 1998
Seiten20-26
Seitenumfang7
ISBN (elektronisch)9781450357432
DOIs
PublikationsstatusVeröffentlicht - 28 Mai 2018
Veranstaltung13th ACM/IEEE International Workshop on Automation of Software Test, AST 2018 - Gothenburg, Schweden
Dauer: 28 Mai 201829 Mai 2018

Konferenz

Konferenz13th ACM/IEEE International Workshop on Automation of Software Test, AST 2018
Land/GebietSchweden
OrtGothenburg
Zeitraum28/05/1829/05/18

ASJC Scopus subject areas

  • Software

Dieses zitieren