Perturbation-based user-input-validation testing of web applications

Li, Nuo; Xie, Tao; Maozhong, Jin; Liu, Chao

doi:10.1016/j.jss.2010.07.007

Cited by 28 publications

(18 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Generally, to a great extent, the effect of both code-based criteria and methods relies on the evolutionary of features or the sufficiency of the collection produced in the test for detecting the XSS vulnerabilities in the source code. Among the disadvantages of this method, lack of preventing the incorrect positive valid inputs can be mentioned [10].…”

Section: Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

Presentation of a Pattern to Counteract the Attacks of XSS Malware

Najjari¹,

Modiri²

2016

IJCA

View full text Add to dashboard Cite

Cross Site programming (XSS) is the script attack in web pages, and it is accounted as one of the most dangerous problems of web applications. The researchers of security have investigated on different problems and they have found that the XSS vulnerability exists in many of known websites. The vulnerability is applied when an attacker reaches to an authorized user's web explorer optionally and he/she might do cookie theft, develop destructive software, thieve the session and change the path of destruction. The validation of the user's input is the first obstacle to protect the web applications against this vulnerability. The main aim of improving the security of web applications is improvement in the quality of user's input validation. Unfortunately, the web application developers usually forget the user's input validation and/or implement a weak validation. In this paper, it is attempted to present a pattern to validate the user's input correctly in the web applications, and the obtained results are compared with the tools of scanning the existing vulnerability.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

“…(Fiddler, Burp Proxy, Tamperie) tools, allow the developers edit the input in the web pages directly, but they do not give them any help with respect to production of different input tests. In the following table, the features of these tools are compared with each other [10].…”

Section: Tools Of Scanning the Vulnerability Of Web Pagesmentioning

confidence: 99%

Presentation of a Pattern to Counteract the Attacks of XSS Malware

Najjari¹,

Modiri²

2016

IJCA

View full text Add to dashboard Cite

show abstract

“…For example, an invalid email address can be a string without "@" or with some invalid characters, such as "$", "&" and "=" [12].…”

Section: Approach Overviewmentioning

confidence: 99%

A Combined Technique of GUI Ripping and Input Perturbation Testing for Android Apps

Imparato

2015

2015 IEEE/ACM 37th IEEE International Conference on Software Engineering

View full text Add to dashboard Cite

Mobile applications have become an integral part of the daily lives of millions of users, thus making necessary to ensure their security and reliability. Moreover the increasing number of mobile applications with rich Graphical User Interfaces (GUI) creates a growing need for automated techniques of GUI Testing for mobile applications.In this paper, the GUI Ripping Technique is combined with the Input Perturbation Testing to improve the quality of Android Application Testing. The proposed technique, based on a systematic and automatic exploration of the behavior of Android applications, creates a model of the explored GUI and then uses it to generate the perturbed text inputs. The technique was evaluated on many Android apps and its results were compared with random input tests.

show abstract

“…Specification-based IVT methods [54,55,76,77,104] generate test cases with the aim of exercising various combinations of valid/invalid input conditions stated in specifications. Since input validation implemented in client-side scripts can be easily bypassed by attackers, Offutt et al…”

Section: Input Validation Testingmentioning

confidence: 99%

“…[104] proposed a bypass testing technique that specifically checks the adequacy of input validation implemented in server-side scripts. To avoid the sole dependency on specifications, Li et al [77] analyzed input fields and their surrounding texts in HTML pages to infer valid input conditions.…”

Section: Input Validation Testingmentioning

confidence: 99%

Mitigating SQL injection and cross site scripting vulnerabilities using program analysis and data mining techniques

Shar¹

View full text Add to dashboard Cite

The years I spent on my PhD study in NTU have without doubt been the most rewarding part of my life. Campus life, research challenges, working with professors and colleagues have equipped me with necessary skills to thrive. I am eternally grateful to the people who shared these memories with me and to those who made it possible. My deepest gratitude goes to my supervisor, Prof. Tan Hee Beng Kuan. Tan has provided me with invaluable guidance, continuous support and encouragement. He has spent much effort on finding different research topics and approaches to make progresses and achievements for my project. His insistence on excellence has influenced my way of life and made me a fine researcher, writer, and critical thinker. I also thank Prof. Lionel C. Briand from SnT Centre, University of Luxembourg, for his insightful suggestions and advices. He has shared with me his unique problem solving skills. My special thanks go to my fellow research students, Ding Sun, Bindu, and Kaiping, who have shared with me some of their research works and with whom I have exchanged ideas. I would also like to thank my colleagues in InfoComm Research Lab for many fruitful discussions about the research issues and for sharing ideas about the project and contributing suggestions. I am also grateful to the Master students from Communication Software and Networks course who have worked with me in developing prototype tools and carrying out experiments. Last but not least, I wish to thank my parents and Thinzar, my lovely wife, to whom I am eternally indebted. I am grateful for all their love, care, encouragement, and support throughout this journey. I would not have come this far without them.

show abstract

Perturbation-based user-input-validation testing of web applications

Cited by 28 publications

References 7 publications

Presentation of a Pattern to Counteract the Attacks of XSS Malware

Presentation of a Pattern to Counteract the Attacks of XSS Malware

A Combined Technique of GUI Ripping and Input Perturbation Testing for Android Apps

Mitigating SQL injection and cross site scripting vulnerabilities using program analysis and data mining techniques

Contact Info

Product

Resources

About