A testing framework for Web application security assessment

Yao Wen Huang; Chung Hung Tsai; Tsung Po Lin; Shih Kun Huang; D. T. Lee; Sy Yen Kuo

doi:10.1016/j.comnet.2005.01.003

A testing framework for Web application security assessment

Yao Wen Huang^*
, Chung Hung Tsai
, Tsung Po Lin
, Shih Kun Huang
, D. T. Lee
, Sy Yen Kuo

^*Corresponding author for this work

National Taiwan University
Academia Sinica - Institute of Information Science
National Yang Ming Chiao Tung University

Research output: Contribution to journal › Journal Article › peer-review

59 Scopus citations

Abstract

The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES)-a black-box testing framework for automated Web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security.

Original language	English
Pages (from-to)	739-761
Number of pages	23
Journal	Computer Networks
Volume	48
Issue number	5
DOIs	https://doi.org/10.1016/j.comnet.2005.01.003
State	Published - 05 08 2005
Externally published	Yes

Keywords

Black-box testing
Complete crawling
Fault injection
Security assessment
Web application testing

Access to Document

10.1016/j.comnet.2005.01.003

Cite this

@article{364326324c0648da99da7e4056509637,

title = "A testing framework for Web application security assessment",

abstract = "The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES)-a black-box testing framework for automated Web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security.",

keywords = "Black-box testing, Complete crawling, Fault injection, Security assessment, Web application testing",

author = "Huang, \{Yao Wen\} and Tsai, \{Chung Hung\} and Lin, \{Tsung Po\} and Huang, \{Shih Kun\} and Lee, \{D. T.\} and Kuo, \{Sy Yen\}",

year = "2005",

month = aug,

day = "5",

doi = "10.1016/j.comnet.2005.01.003",

language = "英语",

volume = "48",

pages = "739--761",

journal = "Computer Networks",

issn = "1389-1286",

publisher = "Elsevier B.V.",

number = "5",

}

TY - JOUR

T1 - A testing framework for Web application security assessment

AU - Huang, Yao Wen

AU - Tsai, Chung Hung

AU - Lin, Tsung Po

AU - Huang, Shih Kun

AU - Lee, D. T.

AU - Kuo, Sy Yen

PY - 2005/8/5

Y1 - 2005/8/5

N2 - The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES)-a black-box testing framework for automated Web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security.

AB - The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES)-a black-box testing framework for automated Web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security.

KW - Black-box testing

KW - Complete crawling

KW - Fault injection

KW - Security assessment

KW - Web application testing

UR - https://www.scopus.com/pages/publications/18844454053

U2 - 10.1016/j.comnet.2005.01.003

DO - 10.1016/j.comnet.2005.01.003

M3 - 文章

AN - SCOPUS:18844454053

SN - 1389-1286

VL - 48

SP - 739

EP - 761

JO - Computer Networks

JF - Computer Networks

IS - 5

ER -

A testing framework for Web application security assessment

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this