Metamorphic Testing for Web System Security

Chaleshtari, Nazanin Bayati; Pastore, Fabrizio; Göknil, Arda; Briand, Lionel C.

doi:10.1109/tse.2023.3256322

Cited by 7 publications

(2 citation statements)

References 103 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…And the threat of SQLi and XSS attacks to modern websites, emphasizing their prevalence and potential  ISSN: 2088-8708 for serious damage. It presents an in-depth review of these attacks, their vulnerabilities, and prevention methods, while also discussing future countermeasure developments [16]- [18].…”

Section: Related Workmentioning

confidence: 99%

“…Metamorphic security testing for web-interactions (MST-wi) automates security testing in modern web systems, addressing the oracle problem by integrating input generation strategies and utilizing engineerspecified metamorphic relations. Evaluation on Jenkins and Joomla revealed an 85% detection rate for vulnerabilities, highlighting MST-wi's scalability and efficacy in automated web system security testing [18]. An overview of vulnerability assessment and penetration testing (VAPT) techniques to address the increasing web hacking activities and emphasizes the importance of cybersecurity awareness and measures for organizations to protect against cyber threats [19]- [21].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Detecting vulnerabilities in website using multiscale approaches: based on case study

Chowdhury,

Rahman,

Rahman

2024

IJECE

View full text Add to dashboard Cite

In the realm of modern web applications, security stands as an utmost priority. To address this critical concern, we've developed a versatile Python script with the primary goal of proactively identifying vulnerabilities and thwarting transient attacks. Leveraging various libraries, this tool comprehensively covers a broad spectrum of threats, including SQL injection (SQLi), cross-site scripting (XSS), cross-site request forgery (CSRF), sensitive data leakage, security misconfiguration, distributed denial-of-service (DDoS) vulnerabilities, and secure socket layer (SSL) or transport layer security (TLS). This Python-based solution prioritizes adaptability, ensuring seamless integration of future updates to effectively combat evolving threats. Utilizing innovative methods such as SQLi and XSS payload injection, the script assesses the susceptibility of input fields. And addressing CSRF vulnerabilities, the script generates and validates tokens, fortifying defenses against unauthorized actions. Employing pattern analysis, it combats sensitive data exposure and security misconfigurations, adeptly identifying elements like credit card numbers, passwords, and headers. Furthermore, the script enhances overall security by scrutinizing SSL/TLS protocols and monitoring port accessibility. It reinforces DDoS detection by actively monitoring traffic patterns, identifying anomalies, and proactively averting disruptions.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Detecting vulnerabilities in website using multiscale approaches: based on case study

Chowdhury,

Rahman,

Rahman

2024

IJECE

View full text Add to dashboard Cite

show abstract

An empirical study of vulnerabilities in edge frameworks to support security testing improvement

Malik

Pastore

2023

Empir Software Eng

View full text Add to dashboard Cite

Edge computing is a distributed computing paradigm aiming at ensuring low latency in modern data intensive applications (e.g., video streaming and IoT). It consists of deploying computation and storage nodes close to the end-users. Unfortunately, being distributed and close to end-users, Edge systems have a wider attack surface (e.g., they may be physically reachable) and are more complex to update than other types of systems (e.g., Cloud systems) thus requiring thorough security testing activities, possibly tailored to be cost-effective. To support the development of effective and automated Edge security testing solutions, we conducted an empirical study of vulnerabilities affecting Edge frameworks. The study is driven by eight research questions that aim to determine what test triggers, test harnesses, test oracles, and input types should be considered when defining new security testing approaches dedicated to Edge systems. preconditions and inputs leading to a successful exploit, the security properties being violated, the most frequent vulnerability types, the software behaviours and developer mistakes associated to these vulnerabilities, and the severity of Edge vulnerabilities. We have inspected 147 vulnerabilities of four popular Edge frameworks. Our findings indicate that vulnerabilities slip through the testing process because of the complexity of the Edge features. Indeed, they can’t be exhaustively tested in-house because of the large number of combinations of inputs, outputs, and interfaces to be tested. Since we observed that most of the vulnerabilities do not affect the system integrity and, further, only one action (e.g., requesting a URL) is sufficient to exploit a vulnerability

show abstract

MetaCDP: Metamorphic Testing for Quality Assurance of Containerized Data Pipelines

Rehman,

Umbreen,

Rehman

2024

2024 IEEE Cloud Summit

View full text Add to dashboard Cite

Metamorphic Testing for Web System Security

Cited by 7 publications

References 103 publications

Detecting vulnerabilities in website using multiscale approaches: based on case study

Detecting vulnerabilities in website using multiscale approaches: based on case study

An empirical study of vulnerabilities in edge frameworks to support security testing improvement

MetaCDP: Metamorphic Testing for Quality Assurance of Containerized Data Pipelines

Contact Info

Product

Resources

About