Title :
A New Security Testing Method for Detecting Flash Vulnerabilities by Generating Test Patterns
Author :
Watanabe, Takanobu ; Cheng, Zixue ; Kansen, Mizuo ; Hisada, Masayuki
Author_Institution :
Univ. Bus. Innovation Center, Univ. of Aizu, Aizu-Wakamatsu, Japan
Abstract :
Flash has a number of security defects even though Flash Player is installed on most of world´s PC. Protection using sandbox has limitation to protect a user from vulnerabilities of Flash application because an attacker can attack a vulnerable Flash application when a sandbox can´t work if an engineer or a web administrator set sandbox permission wrongly. Another way to solve it is testing. As a testing, penetration testing is useful for detecting vulnerability of Flash Application. Existing penetration testing performs penetration test through UI manually, which is inefficient and time consuming. In this paper, to overcome a problem of existing penetration test, we design a new penetration testing, which enables to generate as many test patterns as possible from VM inputs, inputting test patterns into VM, and checks the existence of vulnerabilities from VM outputs automatically. We demonstrate our testing method using an example, which can detect Flash Parameter Injection that is a one kind of vulnerability of Flash application.
Keywords :
program testing; security of data; flash parameter injection; flash player; flash vulnerability detection; security testing method; test pattern generation; Browsers; HTML; Mobile communication; Monitoring; Security; Servers; Testing; Flash Security; Mobile Code Security; Penetration Test; Test Patterns Generation; Web Security;
Conference_Titel :
Network-Based Information Systems (NBiS), 2010 13th International Conference on
Conference_Location :
Takayama
Print_ISBN :
978-1-4244-8053-1
Electronic_ISBN :
2157-0418
DOI :
10.1109/NBiS.2010.28
