Authors: Jonghwan Im; Jongwon Yoon and Minsik Jin
Affiliation: Fasoo.com R&D Center, Korea, Republic of
Keyword(s): Web Application Security Testing, SAST, DAST, IAST, XSS, SDLC.
Subjects/Areas/Topics: Information and Systems Security; Security Verification and Validation
Abstract:
Dynamic application security testing (DAST) detects security vulnerabilities by sending predefined strings to web applications. If a web application has filters that restrict input parameters, the detection capability of DAST is therefore degraded. To address this problem, interactive application security testing (IAST) has emerged, in which dynamic application security testing interacts with static application security testing (SAST). In this paper, we propose an interactive platform for storing, processing, and distributing the information collected from each security test in the software development life cycle. We use this platform to verify that we can detect cross-site scripting vulnerabilities that could not previously be detected because of web application filters. Experiments with the proposed approach on the cross-site scripting test cases of the OWASP Benchmark show that the detection rate of the dynamic analyzer is improved by about 32.11%.