Planning-based security testing of web applications with attack grammars

Josip Bozic*, Franz Wotawa

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review


Web applications are deployed on machines around the globe and offer almost universal accessibility. These applications assure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements is data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements often result in security leaks that malicious users eventually exploited. In this context, the application of different testing methods is of utmost importance in order to detect software defects during development and to prevent unauthorized access in advance. In this paper, we contribute to test automation for web applications. In particular, we focus on using planning for testing where we introduce underlying models covering attacks and their use in testing of web applications. The planning model offers a high degree of extendibility and configurability and as well overcomes limits of traditional graphical representations. New testing possibilities emerge that eventually lead to better vulnerability detection, therefore ensuring more secure web services and applications.
Original languageEnglish
Pages (from-to)307-334
Number of pages28
JournalSoftware Quality Journal
Issue number1
Publication statusPublished - 9 Mar 2020


  • Planning
  • Security testing
  • Model-based testing
  • Web applications

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality


Dive into the research topics of 'Planning-based security testing of web applications with attack grammars'. Together they form a unique fingerprint.

Cite this