Vulnerability Model-Based Web Applications Security Testing Approach

Article Preview

Abstract:

This paper combines structural modeling of security vulnerabilities with a focused examination of the application's behavioral model to build a vulnerability model in which security vulnerabilities can be depicted and reasoned about. The structural models and their diagrams for an application are derived from two sources: an investigation of the multiple vulnerable operations on multiple objects that are involved in exploiting a vulnerability, and the vulnerability data and corresponding data-flow inspections obtained from behavioral modeling of the application. We also propose a vulnerability model-based security testing approach that automatically generates security test sequences from the vulnerability model diagram and transforms them into executable tests on the basis of the vulnerable operations and the vulnerability data.
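The abstract describes generating security test sequences from a vulnerability model and turning them into executable tests from the vulnerable operations and the vulnerability data. The Python sketch below is an added illustration of that workflow, not the authors' tool or code from the paper: the application model (four operations on Session, Product, Profile and Order objects, each with parameter-to-sink data flows and ordering preconditions), the vulnerability data, the oracles and the fake application are all constructed here as assumptions. It generates one abstract test per vulnerable operation, parameter and payload, expands each into an ordered sequence of HTTP steps that satisfies the operation's preconditions, and applies an oracle to the final response.

```python
"""Toy vulnerability-model-driven test generation.

Added illustration; not the authors' tool. The application model, the
vulnerability data, the oracles and the fake application are constructed here.
"""
import html
from dataclasses import dataclass


@dataclass
class Operation:
    """One operation on one object in the application's behavioral model."""
    name: str              # "Object.operation"
    method: str            # HTTP method used to drive it
    path: str              # endpoint
    params: tuple          # input parameters
    sinks: dict            # param -> sink type its data flow reaches ("sql", "html")
    requires: tuple = ()   # operations that must precede this one


# Constructed model of a hypothetical shop application (assumption, not from the paper).
MODEL = {
    "Session.login": Operation("Session.login", "POST", "/login",
                               ("user", "password"), {"user": "sql"}),
    "Product.search": Operation("Product.search", "GET", "/search",
                                ("q",), {"q": "html"}),
    "Profile.update": Operation("Profile.update", "POST", "/profile",
                                ("display_name",), {"display_name": "html"},
                                requires=("Session.login",)),
    "Order.lookup": Operation("Order.lookup", "GET", "/orders",
                              ("order_id",), {"order_id": "sql"},
                              requires=("Session.login",)),
}

# Vulnerability data: per sink type, (payload, oracle name) pairs.
VULN_DATA = {
    "sql": [("' OR '1'='1", "sql_error_leak")],
    "html": [("<script>alert(1)</script>", "reflected_unescaped"),
             ('"><img src=x onerror=alert(1)>', "reflected_unescaped")],
}

# Benign values for every parameter that is not the one under test.
BENIGN = {"user": "alice", "password": "s3cret", "q": "book",
          "display_name": "Alice", "order_id": "42"}

# Oracles decide, from the final response, whether the payload reached its sink.
ORACLES = {
    "reflected_unescaped": lambda resp, payload: payload in resp,
    "sql_error_leak": lambda resp, payload: "syntax error" in resp,
}


def prerequisite_chain(name, model, chain=None):
    """Ordered operations that must run before `name`, ending with `name` itself."""
    chain = [] if chain is None else chain
    if name not in chain:
        for dep in model[name].requires:
            prerequisite_chain(dep, model, chain)
        chain.append(name)
    return chain


def generate_tests(model, vuln_data):
    """Abstract security tests: one per (vulnerable operation, parameter, payload)."""
    tests = []
    for op in model.values():
        for param, sink in op.sinks.items():
            for payload, oracle in vuln_data.get(sink, []):
                tests.append({"target": op.name, "param": param, "payload": payload,
                              "oracle": oracle,
                              "sequence": prerequisite_chain(op.name, model)})
    return tests


def to_executable(test, model, benign=BENIGN):
    """Concretize a test into HTTP steps; the payload goes only into the target parameter."""
    steps = []
    for name in test["sequence"]:
        op = model[name]
        data = {p: benign[p] for p in op.params}
        if name == test["target"]:
            data[test["param"]] = test["payload"]
        steps.append({"method": op.method, "path": op.path, "data": data})
    return {"steps": steps, "oracle": test["oracle"], "payload": test["payload"]}


def fake_app(method, path, data):
    """Constructed stand-in for the system under test; two handlers are deliberately weak."""
    if path == "/login":
        return "ok"
    if path == "/search":       # reflects q without escaping (weak)
        return f"<p>Results for {data['q']}</p>"
    if path == "/profile":      # escapes output (safe)
        return f"<p>Hello {html.escape(data['display_name'])}</p>"
    if path == "/orders":       # string-built query leaks a DB error (weak)
        return "syntax error near \"'\"" if "'" in data["order_id"] else "rows=1"
    return ""


def run(executable, app=fake_app):
    """Drive the steps in order and apply the oracle to the final response."""
    resp = ""
    for step in executable["steps"]:
        resp = app(step["method"], step["path"], step["data"])
    return ORACLES[executable["oracle"]](resp, executable["payload"])


def findings(model=MODEL, vuln_data=VULN_DATA, app=fake_app):
    """Sorted names of operations whose tests tripped an oracle."""
    return sorted({t["target"] for t in generate_tests(model, vuln_data)
                   if run(to_executable(t, model), app)})


if __name__ == "__main__":
    for t in generate_tests(MODEL, VULN_DATA):
        print(t["sequence"], t["param"], repr(t["payload"]))
    print("flagged:", findings())
```

Running the block prints the six generated sequences and flags the two deliberately weak operations; the operations behind a login precondition are exercised only after the login step. Against a real target, fake_app would be replaced by an HTTP client and the oracles by response checks suited to each sink type.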


Pages: 468-472

Online since: October 2014

Copyright:

© 2014 Trans Tech Publications Ltd. All Rights Reserved

