DocumentCode :
624203
Title :
A case study on web application security testing with tools and manual testing
Author :
Dukes, LaShanda ; Xiaohong Yuan ; Akowuah, Francis
Author_Institution :
Dept. of Comput. Sci., North Carolina Agric. & Tech. State Univ., Greensboro, NC, USA
fYear :
2013
fDate :
4-7 April 2013
Firstpage :
1
Lastpage :
6
Abstract :
Web application security has become a big issue because of common vulnerabilities found in web applications. This paper illustrates a case study on conducting security testing on an example application, Tunestore. The example application was tested using a number of tools such as Paros, WebScarab, JBroFuzz, Acunetix, and Fortify. Manual testing was also conducted. The testing results of different tools and manual testing are compared and discussed. Our case study shows manual testing is very important since some vulnerability types can only be found through manual testing and tester's observations, and it is important to utilize a variety of tools as well as conduct careful manual testing in order to find the greatest number of vulnerabilities in a web application. Based on this case study, hands-on labs can be developed for teaching web security, software security testing, and other topics.
Keywords :
Internet; program testing; security of data; Acunetix; Fortify; JBroFuzz; Paros; Tunestore; Web application security testing; Web security teaching; WebScarab; hands-on labs; manual testing; software security testing; tool testing; Authentication; Databases; Manuals; Servers; Software; Testing;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Southeastcon, 2013 Proceedings of IEEE
Conference_Location :
Jacksonville, FL
ISSN :
1091-0050
Print_ISBN :
978-1-4799-0052-7
Type :
conf
DOI :
10.1109/SECON.2013.6567420
Filename :
6567420