Semi-Automatic Security Testing of Web Applications from a Secure Model

Büchler, Matthias; Oudinet, Johan; Pretschner, Alexander

doi:10.1109/sere.2012.38

Cited by 38 publications

(55 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Fault models provide abstract descriptions for specific things that can go wrong in a certain domain [32]. Several examples of fault models have been proposed (e.g., for access control policies [22], or for specific concurrency or security faults [7,32]). Our work is the first to define such notion for mixed discrete-continuous Stateflows and apply it using meta-heuristic search.…”

Section: Related Workmentioning

confidence: 99%

Effective test suites for mixed discrete-continuous stateflow controllers

Matinnejad

Nejati

Briand

et al. 2015

Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering

View full text Add to dashboard Cite

Modeling mixed discrete-continuous controllers using Stateflow is common practice and has a long tradition in the embedded software system industry. Testing Stateflow models is complicated by expensive and manual test oracles that are not amenable to full automation due to the complex continuous behaviors of such models. In this paper, we reduce the cost of manual test oracles by providing test case selection algorithms that help engineers develop small test suites with high fault revealing power for Stateflow models. We present six test selection algorithms for discrete-continuous Stateflows: An adaptive random test selection algorithm that diversifies test inputs, two white-box coverage-based algorithms, a black-box algorithm that diversifies test outputs, and two search-based blackbox algorithms that aim to maximize the likelihood of presence of continuous output failure patterns. We evaluate and compare our test selection algorithms, and find that our three output-based algorithms consistently outperform the coverage-and input-based algorithms in revealing faults in discrete-continuous Stateflow models. Further, we show that our output-based algorithms are complementary as the two search-based algorithms perform best in revealing specific failures with small test suites, while the output diversity algorithm is able to identify different failure types better than other algorithms when test suites are above a certain size.

show abstract

Section: Related Workmentioning

confidence: 99%

Effective test suites for mixed discrete-continuous stateflow controllers

Matinnejad

Nejati

Briand

et al. 2015

Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering

View full text Add to dashboard Cite

show abstract

“…Their method targets XSS vulnerabilities. The work of Büchler et al [45,46] motivates the use of a secure model formulated in ASLan++. 2 This model then is mutated to introduce typical vulnerabilities in web applications, and subsequently passed to a model-checker which yields attack traces.…”

Section: Web Application Security Testingmentioning

confidence: 99%

Knowledge-based security testing of web applications by logic programming

Zech

Felderer

Breu

2017

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

This article introduces a new method for knowledge-based security testing by logic programming and the related tool implementation for model-based nonfunctional security testing of web applications. Our method helps to overcome the current prevalent focus on functional instead of non-functional (or negative) requirements as well as the required high level of security knowledge when performing non-functional security testing. It addresses issues like considering non-functional requirements for testing, managing the virtually infinite amount of negative security test cases, advancing non-functional security testing away from its prevalent penetration testing-like style, and making non-functional security testing feasible for testers that are not experts in security via a security knowledge base. The method and its model-based tool implementation are evaluated in two studies, which show the method's effectiveness in detecting vulnerabilities in web applications and thus, also its value in making software system more secure.

show abstract

“…If a violation occurs, it is executed against a real implementation. Büchler et al [13] proposed an approach that assumes (i) a model is given (ii) and the model is secure. Then they propose to mutate the model by injecting vulnerabilities and to use a model checker for detecting violations.…”

Section: C) Model-based Security Testingmentioning

confidence: 99%

Toward Black-Box Detection of Logic Flaws in Web Applications

Pellegrino

Balzarotti

2014

Proceedings 2014 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-Web applications play a very important role in many critical areas, including online banking, health care, and personal communication. This, combined with the limited security training of many web developers, makes web applications one of the most common targets for attackers.In the past, researchers have proposed a large number of white-and black-box techniques to test web applications for the presence of several classes of vulnerabilities. However, traditional approaches focus mostly on the detection of input validation flaws, such as SQL injection and cross-site scripting. Unfortunately, logic vulnerabilities specific to particular applications remain outside the scope of most of the existing tools and still need to be discovered by manual inspection.In this paper we propose a novel black-box technique to detect logic vulnerabilities in web applications. Our approach is based on the automatic identification of a number of behavioral patterns starting from few network traces in which users interact with a certain application. Based on the extracted model, we then generate targeted test cases following a number of common attack scenarios.We applied our prototype to seven real world E-commerce web applications, discovering ten very severe and previouslyunknown logic vulnerabilities.

show abstract

Semi-Automatic Security Testing of Web Applications from a Secure Model

Cited by 38 publications

References 18 publications

Effective test suites for mixed discrete-continuous stateflow controllers

Effective test suites for mixed discrete-continuous stateflow controllers

Knowledge-based security testing of web applications by logic programming

Toward Black-Box Detection of Logic Flaws in Web Applications

Contact Info

Product

Resources

About