A testing framework for Web application security assessment

Cited by: 36
Authors
Huang, YW [1]
Tsai, CH
Lin, TP
Huang, SK
Lee, DT
Kuo, SY
Affiliations
[1] Natl Taiwan Univ, Dept Elect Engn, Taipei 106, Taiwan
[2] Acad Sinica, Inst Sci Informat, Taipei 115, Taiwan
[3] Natl Chiao Tung Univ, Dept Comp Sci & Informat Engn, Hsinchu 300, Taiwan
Keywords
Web application testing; security assessment; fault injection; black-box testing; complete crawling
DOI
10.1016/j.comnet.2005.01.003
Chinese Library Classification (CLC) number
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES), a black-box testing framework for automated Web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security. (c) 2005 Elsevier B.V. All rights reserved.
Pages: 739 / 761
Page count: 23