Title :
Agile security testing of Web-based systems via HTTPUnit
Author :
Tappenden, A. ; Beatty, P. ; Miller, J. ; Geras, A. ; Smith, M.
Author_Institution :
Alberta Univ., Edmonton, Alta., Canada
Abstract :
The technological advancements of Web-based systems and the shift to iterative and evolutionary development processes have given rise to the idea of agile security testing, where the principles and practices of agile testing are applied to the domain of security testing. This paper explores common vulnerabilities for Web applications and proposes two synergistic approaches for mitigating them. The first approach is to employ a highly testable architecture in the development of Web-based systems, and the second is to support the security testing process using the open source unit testing framework HTTPUnit. The overall testing strategy mingles well with agile development efforts and gives the development team an opportunity to produce applications that have the "right" functionality and the "right" level of security.
Keywords :
Internet; hypermedia; program testing; security of data; software engineering; HTTPUnit; Web application; Web-based systems; agile security testing; agile testing; open source unit testing framework; Application software; Genetic programming; Information security; Life testing; Power generation; Power system security; Software engineering; Software systems; System testing; Ubiquitous computing;
Conference_Titel :
Agile Conference, 2005. Proceedings
Print_ISBN :
0-7695-2487-7
DOI :
10.1109/ADC.2005.11
