Software Security Testing of Web Applications Based on SSD

Cited by: 0
Authors
Hui, Zhanwei [1]
Huang, Song [1]
Affiliations
[1] PLA Univ Sci & Technol, Inst Comman Automat, PLA Software Test & Evaluat Ctr Mil Training, Nanjing, Jiangsu, Peoples R China
Keywords
Software security test; Function test; Vulnerability; Software security defect; Defect behavior;
DOI
Not available
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Due to the increasing complexity of Web applications, traditional function security testing, which only tests and validates software security mechanisms, is becoming ineffective at detecting latent software security defects (SSD). The number of reported web application vulnerabilities is increasing dramatically. However, most of the vulnerabilities result from some typical SSD. Based on SSD, this paper presents an effective software security testing (SST) model, which extends the traditional security testing process to defect behavior analysis and incorporates the advantages of the traditional testing method and the SSD-based security testing methodology. Primary applications show the effectiveness of our test model.
Pages: 527 / 534
Page count: 8
Related papers
50 in total
  • [31] Software security testing
    Potter, B
    McGraw, G
    IEEE SECURITY & PRIVACY, 2004, 2 (05) : 81 - 85
  • [32] Reducing The Number of Security Vulnerabilities in Web Applications by Improving Software Quality
    Trifonov, Gergely
    SACI: 2009 5TH INTERNATIONAL SYMPOSIUM ON APPLIED COMPUTATIONAL INTELLIGENCE AND INFORMATICS, 2009, : 41 - 44
  • [33] Security models for Web-based applications
    Joshi, JBD
    Aref, WG
    Ghafoor, A
    Spafford, EH
    COMMUNICATIONS OF THE ACM, 2001, 44 (02) : 38 - 44
  • [34] Web based Integrated Framework for Security Applications
    Veeraraghavan, Sampathkumar
    Panetta, Karen
    Agaian, Sos
    IEEE INTERNATIONAL CONFERENCE ON SYSTEMS, MAN AND CYBERNETICS (SMC 2010), 2010,
  • [35] Security Testing of Web Applications: a Search Based Approach for Cross-Site Scripting Vulnerabilities
    Avancini, Andrea
    Ceccato, Mariano
    11TH IEEE INTERNATIONAL WORKING CONFERENCE ON SOURCE CODE ANALYSIS AND MANIPULATION (SCAM 2011), 2011, : 85 - 94
  • [36] Security Testing of Web Applications: A Search-Based Approach for Detecting SQL Injection Vulnerabilities
    Liu, Muyang
    Li, Ke
    Chen, Tao
    PROCEEDINGS OF THE 2019 GENETIC AND EVOLUTIONARY COMPUTATION CONFERENCE COMPANION (GECCCO'19 COMPANION), 2019, : 417 - 418
  • [37] Security Sensitive Data Flow Coverage Criterion for Automatic Security Testing of Web Applications
    Dao, Thanh Binh
    Shibayama, Etsuya
    ENGINEERING SECURE SOFTWARE AND SYSTEMS, 2011, 6542 : 101 - +
  • [38] Automation Software Testing on Web-Based Application
    Dhir, Saru
    Kumar, Deepak
    SOFTWARE ENGINEERING (CSI 2015), 2019, 731 : 691 - 698
  • [39] Automated security testing for web applications on industrial automation and control systems
    Pfrang, Steffen
    Borcherding, Anne
    Meier, David
    Beyerer, Juergen
    AT-AUTOMATISIERUNGSTECHNIK, 2019, 67 (05) : 383 - 401
  • [40] Software Testing for Web-Applications Non-Functional Requirements
    Romano, Breno Lisi
    Braga e Silva, Glaucia
    de Campos, Henrique Fernandes
    Vieira, Ricardo Godoi
    da Cunha, Adilson Marques
    Silveira, Fabio Fagundes
    Brandao Ramos, Alexandre Carlos
    PROCEEDINGS OF THE 2009 SIXTH INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY: NEW GENERATIONS, VOLS 1-3, 2009, : 1674 - +