Title :
Some Modeling Challenges When Testing Rich Internet Applications for Security
Author :
Benjamin, Kamara ; Bochmann, Gregor V. ; Jourdan, Guy-Vincent ; Onut, Iosif-Viorel
Author_Institution :
Sch. of Inf. Technol. & Eng., Univ. of Ottawa, Ottawa, ON, Canada
Abstract :
Web-based applications are becoming more ubiquitous day by day, and among these applications, a new trend is emerging: rich Internet applications (RIAs), using technologies such as Ajax, Flex, or Silverlight, break away from the traditional approach of Web applications having server-side computation and synchronous communications between the web client and servers. RIAs introduce new challenges, new security vulnerabilities, and their behavior makes it difficult or impossible to test with current web-application security scanners. A new model is required to enable automated scanning of RIAs for security. In this paper, we evaluate the shortcomings of current approaches, we elaborate a framework that would permit automated scanning of RIAs, and we provide some directions to address the open problems.
Keywords :
Internet; client-server systems; program testing; security of data; Web based application; Web client; Web server; data security; rich Internet applications testing; server side computation; Application software; Automatic testing; Data security; Internet; Protocols; Rendering (computer graphics); Software standards; Software testing; Software tools; Web server; formal models; rich Internet applications; software security;
Conference_Title :
Software Testing, Verification, and Validation Workshops (ICSTW), 2010 Third International Conference on
Conference_Location :
Paris
Print_ISBN :
978-1-4244-6773-0
DOI :
10.1109/ICSTW.2010.46