A testing framework for Web application security assessment

Yao Wen Huang; Chung Hung Tsai; Tsung Po Lin; Shih Kun Huang; D. T. Lee; Sy Yen Kuo

doi:10.1016/j.comnet.2005.01.003

A testing framework for Web application security assessment

Yao Wen Huang^*
, Chung Hung Tsai
, Tsung Po Lin
, Shih Kun Huang
, D. T. Lee
, Sy Yen Kuo

^*此作品的通信作者

National Taiwan University
Academia Sinica - Institute of Information Science
National Yang Ming Chiao Tung University

研究成果: 期刊稿件 › 文章 › 同行評審

59 引文斯高帕斯（Scopus）

摘要

The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES)-a black-box testing framework for automated Web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security.

原文	英語
頁（從 - 到）	739-761
頁數	23
期刊	Computer Networks
卷	48
發行號	5
DOIs	https://doi.org/10.1016/j.comnet.2005.01.003
出版狀態	已出版 - 05 08 2005
對外發佈	是

存取文件

10.1016/j.comnet.2005.01.003

其它文件與鏈接

Link to publication in Scopus

引用此

@article{364326324c0648da99da7e4056509637,

title = "A testing framework for Web application security assessment",

abstract = "The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES)-a black-box testing framework for automated Web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security.",

keywords = "Black-box testing, Complete crawling, Fault injection, Security assessment, Web application testing",

author = "Huang, \{Yao Wen\} and Tsai, \{Chung Hung\} and Lin, \{Tsung Po\} and Huang, \{Shih Kun\} and Lee, \{D. T.\} and Kuo, \{Sy Yen\}",

year = "2005",

month = aug,

day = "5",

doi = "10.1016/j.comnet.2005.01.003",

language = "英语",

volume = "48",

pages = "739--761",

journal = "Computer Networks",

issn = "1389-1286",

publisher = "Elsevier B.V.",

number = "5",

}

TY - JOUR

T1 - A testing framework for Web application security assessment

AU - Huang, Yao Wen

AU - Tsai, Chung Hung

AU - Lin, Tsung Po

AU - Huang, Shih Kun

AU - Lee, D. T.

AU - Kuo, Sy Yen

PY - 2005/8/5

Y1 - 2005/8/5

N2 - The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES)-a black-box testing framework for automated Web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security.

AB - The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES)-a black-box testing framework for automated Web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security.

KW - Black-box testing

KW - Complete crawling

KW - Fault injection

KW - Security assessment

KW - Web application testing

UR - https://www.scopus.com/pages/publications/18844454053

U2 - 10.1016/j.comnet.2005.01.003

DO - 10.1016/j.comnet.2005.01.003

M3 - 文章

AN - SCOPUS:18844454053

SN - 1389-1286

VL - 48

SP - 739

EP - 761

JO - Computer Networks

JF - Computer Networks

IS - 5

ER -

A testing framework for Web application security assessment

摘要

存取文件

其它文件與鏈接

指紋

引用此