Title :
Model-Based Vulnerability Testing for Web Applications
Author :
Lebeau, F. ; Legeard, Bruno ; Peureux, Fabien ; Vernotte, Alexandre
Author_Institution :
DISC Dept., FEMTO-ST Inst., Besancon, France
Abstract :
This paper deals with an original approach to automate Model-Based Vulnerability Testing (MBVT) for Web applications, which aims at improving the accuracy and precision of vulnerability testing. Today, Model-Based Testing techniques are mostly used to address functional features. The adaptation of such techniques for vulnerability testing defines novel issues in this research domain. In this paper, we describe the principles of our approach, which is based on a mixed modeling of the application under test: the specification indeed captures some behavioral aspects of the Web application, and includes vulnerability test purposes to drive the test generation algorithm. This approach is illustrated with the widely-used DVWA example.
Keywords :
Internet; formal specification; program testing; DVWA example; MBVT; Web application; behavioral aspect; functional feature; mixed modeling; model-based vulnerability testing; specification; test generation algorithm; Abstracts; Adaptation models; Computational modeling; Data models; Security; Testing; Unified modeling language; DVWA example; Model-Based Testing; Vulnerability testing; Web applications;
Conference_Titel :
Software Testing, Verification and Validation Workshops (ICSTW), 2013 IEEE Sixth International Conference on
Conference_Location :
Luxembourg
Print_ISBN :
978-1-4799-1324-4
DOI :
10.1109/ICSTW.2013.58
