loading
Documents

Research.Publish.Connect.

Paper

Authors: Paulo J. M. Araújo 1 and Ana C. R. Paiva 2

Affiliations: 1 Faculty of Engineering of University of Porto, Portugal ; 2 Faculty of Engineering of University of Porto and INESC TEC, Portugal

ISBN: 978-989-758-283-7

Keyword(s): Security Testing, Pattern based Testing, Pattern based Security Testing, Security Web Testing.

Related Ontology Subjects/Areas/Topics: Applications and Software Development ; Model-Based Testing and Validation ; Model-Driven Software Development ; Software Engineering

Abstract: This paper presents a Pattern Based Testing approach for testing security aspects of the applications under test (AUT). It describes the two security patterns which are the focus of this work (``Account Lockout'' and ``Authentication Enforcer'') and the test strategies implemented to check if the applications are vulnerable or not regarding these patterns. The PBST (Pattern Based Security Testing) overall approach has two phases: exploration (to identify the web pages of the application under test) and testing (to execute the test strategies developed in order to detect vulnerabilities). An experiment is presented to validate the approach over five public web applications. The goal is to assess the behavior of the tool when varying the upper limit of pages to visit and assess its capacity to find real vulnerabilities. The results are promising. Indeed, it was possible to check that the vulnerabilities detected corresponded to real security problems.

PDF ImageFull Text

Download
Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 54.198.23.251

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
J. M. Araújo P. and C. R. Paiva A. (2018). Pattern based Web Security Testing.In Proceedings of the 6th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD, ISBN 978-989-758-283-7, pages 472-479. DOI: 10.5220/0006606504720479

@conference{modelsward18,
author={Paulo J. M. Araújo and Ana C. R. Paiva},
title={Pattern based Web Security Testing},
booktitle={Proceedings of the 6th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD,},
year={2018},
pages={472-479},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006606504720479},
isbn={978-989-758-283-7},
}

TY - CONF

JO - Proceedings of the 6th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD,
TI - Pattern based Web Security Testing
SN - 978-989-758-283-7
AU - J. M. Araújo P.
AU - C. R. Paiva A.
PY - 2018
SP - 472
EP - 479
DO - 10.5220/0006606504720479

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.