• DocumentCode
    626397
  • Title

    Model-Based Vulnerability Testing for Web Applications

  • Author

    Lebeau, F. ; Legeard, Bruno ; Peureux, Fabien ; Vernotte, Alexandre

  • Author_Institution
    DISC Dept., FEMTO-ST Inst., Besancon, France
  • fYear
    2013
  • fDate
    18-22 March 2013
  • Firstpage
    445
  • Lastpage
    452
  • Abstract
    This paper deals with an original approach to automate Model-Based Vulnerability Testing (MBVT) for Web applications, which aims at improving the accuracy and precision of vulnerability testing. Today, Model-Based Testing techniques are mostly used to address functional features. The adaptation of such techniques for vulnerability testing defines novel issues in this research domain. In this paper, we describe the principles of our approach, which is based on a mixed modeling of the application under test: the specification indeed captures some behavioral aspects of the Web application, and includes vulnerability test purposes to drive the test generation algorithm. This approach is illustrated with the widely-used DVWA example.
  • Keywords
    Internet; formal specification; program testing; DVWA example; MBVT; Web application; behavioral aspect; functional feature; mixed modeling; model-based vulnerability testing; specification; test generation algorithm; Abstracts; Adaptation models; Computational modeling; Data models; Security; Testing; Unified modeling language; DVWA example; Model-Based Testing; Vulnerability testing; Web applications;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Testing, Verification and Validation Workshops (ICSTW), 2013 IEEE Sixth International Conference on
  • Conference_Location
    Luxembourg
  • Print_ISBN
    978-1-4799-1324-4
  • Type

    conf

  • DOI
    10.1109/ICSTW.2013.58
  • Filename
    6571669
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=626397