Title :
Testing Security Policies for Web Applications
Author :
Mallouli, Wissam ; Morales, Gerardo ; Cavalli, Ana
Author_Institution :
GET/INT, Evry
Abstract :
Due to the increasing complexity of Web systems, security testing is becoming a critical activity to guarantee the respect of such systems to their security requirements. To challenge this issue, we rely in this paper on model based active testing. We first specify the Web system behavior using IF formalism. Second, we integrate security rules -modeled in Nomad language- within this IF model using specific algorithms. Then, we perform automatic test generation using a dedicated tool, called HJ2If, developed in our laboratory. Finally, we briefly present a Travel agency system as an ongoing case study to demonstrate the reliability of our framework.
Keywords :
Internet; program testing; security of data; software reliability; software tools; Nomad language; Web systems; dedicated tool; security policy testing; Application software; Automata; Automatic testing; Communication system security; Data security; Laboratories; Logic testing; Performance evaluation; Signal processing; System testing;
Conference_Titel :
Software Testing Verification and Validation Workshop, 2008. ICSTW '08. IEEE International Conference on
Conference_Location :
Lillehammer
Print_ISBN :
978-0-7695-3388-9
DOI :
10.1109/ICSTW.2008.45
