Risk-Based Vulnerability Testing Using Security Test Patterns
Authors
Abstract
This paper introduces an original security testing approach guided by risk assessment, using risk coverage as the driver, to perform and automate vulnerability testing of Web applications. The approach, called Risk-Based Vulnerability Testing, adapts Model-Based Testing techniques, which are today mostly used for functional testing. It also extends Model-Based Vulnerability Testing by steering the testing process with security test patterns selected from the results of a risk assessment. Adapting these techniques to Risk-Based Vulnerability Testing introduces novel features in this research domain. In this paper, we describe the principles of our approach, which rests on a mixed model of the System Under Test: the model used for automated test generation captures some behavioral aspects of the Web application, but also includes vulnerability test purposes that drive the test generation process.
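The abstract describes three ingredients working together: a behavioral model of the Web application, a risk assessment that ranks threats, and security test patterns that turn a selected risk into concrete vulnerability test purposes. The following added example, written for this page and not the authors' tool, sketches that pipeline in Python. The page model, the risk matrix (likelihood times impact), the two test patterns (SQL injection and XSS), the risk threshold of 10 and the deliberately weak stub application are all constructed assumptions for the illustration; "risk coverage" is computed here simply as the share of total assessed risk that the selected test purposes exercise.

```python
"""Risk-based selection of security test patterns and generation of abstract
vulnerability tests for a toy web application.

Added illustration of the idea in the abstract, not the authors' tool or
models.  The page model, risk matrix, test patterns and stub application
are constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Constructed behavioural model: each page exposes parameters and a successor page.
MODEL: Dict[str, dict] = {
    "login":   {"params": ["user", "password"], "next": "dashboard"},
    "search":  {"params": ["q"],                "next": "results"},
    "profile": {"params": ["bio"],              "next": "profile"},
}

# Constructed risk assessment: (page, threat) -> (likelihood 1..5, impact 1..5).
RISK: Dict[Tuple[str, str], Tuple[int, int]] = {
    ("login", "sqli"):   (4, 5),
    ("search", "sqli"):  (3, 3),
    ("search", "xss"):   (4, 2),
    ("profile", "xss"):  (5, 4),
    ("profile", "sqli"): (1, 2),
}


@dataclass
class TestPattern:
    """A security test pattern: attack vectors plus an oracle over the response."""
    threat: str
    vectors: List[str]
    oracle: Callable[[str], bool]  # True when the response reveals the weakness


PATTERNS: Dict[str, TestPattern] = {
    "sqli": TestPattern("sqli", ["' OR '1'='1", "1; DROP TABLE users--"],
                        lambda resp: "SQL syntax" in resp or "ORA-" in resp),
    "xss": TestPattern("xss", ["<script>alert(1)</script>", '"><img src=x onerror=alert(1)>'],
                       lambda resp: "<script>" in resp or "onerror=" in resp),
}


@dataclass
class AbstractTest:
    page: str
    param: str
    threat: str
    vector: str
    risk: int
    steps: List[str] = field(default_factory=list)


def risk_score(likelihood: int, impact: int) -> int:
    return likelihood * impact


def select_patterns(risk, threshold: int) -> List[Tuple[str, str, int]]:
    """Rank (page, threat) pairs by risk and keep those at or above the threshold."""
    ranked = sorted(((page, threat, risk_score(*li)) for (page, threat), li in risk.items()),
                    key=lambda r: -r[2])
    return [r for r in ranked if r[2] >= threshold]


def risk_coverage(selected, risk) -> float:
    """Share of the total assessed risk exercised by the selected test purposes."""
    total = sum(risk_score(*li) for li in risk.values())
    return sum(score for _, _, score in selected) / total


def generate_tests(model, patterns, selected) -> List[AbstractTest]:
    """Combine the behavioural model with the selected vulnerability test purposes."""
    tests = []
    for page, threat, score in selected:
        for param in model[page]["params"]:
            for vector in patterns[threat].vectors:
                steps = [f"GET /{page}", f"POST /{page} {param}={vector!r}",
                         f"OBSERVE /{model[page]['next']}"]
                tests.append(AbstractTest(page, param, threat, vector, score, steps))
    return tests


def stub_app(page: str, param: str, value: str) -> str:
    """Constructed stand-in for the system under test, deliberately weak in places."""
    if page == "login" and "'" in value:
        return "500: You have an error in your SQL syntax near '" + value
    if page == "profile":
        return "<div class=bio>" + value + "</div>"          # unescaped echo
    return "<p>" + value.replace("<", "&lt;").replace(">", "&gt;") + "</p>"


def execute(tests, app) -> List[AbstractTest]:
    """Run each abstract test against the app; return those whose oracle fires."""
    return [t for t in tests if PATTERNS[t.threat].oracle(app(t.page, t.param, t.vector))]


if __name__ == "__main__":
    chosen = select_patterns(RISK, threshold=10)
    print(f"risk coverage: {risk_coverage(chosen, RISK):.2f}")
    for t in execute(generate_tests(MODEL, PATTERNS, chosen), stub_app):
        print(f"{t.threat} on /{t.page}?{t.param} (risk {t.risk}) via {t.vector!r}")
```

With the constructed numbers, the two highest-risk pairs (login/SQLi and profile/XSS, score 20 each) are selected, giving risk coverage of 40/59; the generated tests then expose the stub's unescaped profile echo and its quote-sensitive login query, while the lower-risk search page is left untested by design.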
Related sources
Combining Reusable Test Cases and Continuous Security Testing for Reducing Web Apps Security Risks
In the age of networked communication, information technology is in a process of continuous and rapid evolution. Network access equipment, information systems and Web Apps must be updated rapidly and continuously to meet the requirements users care about. The major challenge raised by frequent changes to Web Apps is the security of users' personal data and transaction information. Vulnerability scanning and penetration...
Vulnerability Testing of Software System Using Fault Injection
We describe an approach for testing a software system for possible security flaws. Traditionally, security testing is done using penetration analysis and formal methods. Based on the observation that most security flaws are triggered by a flawed interaction with the environment, we view the security testing problem as the problem of testing the fault-tolerance properties of a software s...
Security testing of session initiation protocol implementations
The mechanisms that enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VoIP) phone technology makes these phone applications potential targets. We present a tool for security testing of VoIP applications that identifies security vulnerabilities an attacker could exploit. Session Ini...
TESTING FOR "RANDOMNESS" IN SPATIAL POINT PATTERNS, USING TEST STATISTICS BASED ON ONE-DIMENSIONAL INTER-EVENT DISTANCES
To test for "randomness" in spatial point patterns, we propose two test statistics obtained by "reducing" two-dimensional point patterns to one-dimensional ones. The exact and asymptotic distributions of these statistics are also derived.
Testing for Software Vulnerability Using Environment Perturbation
We describe a methodology for testing a software system for possible security flaws. Traditionally, security testing is done using penetration analysis and formal methods. Based on the observation that most security flaws are triggered by a flawed interaction with the environment, we view the security testing problem as the problem of testing the fault-tolerance properties of a softwar...
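Both the fault-injection abstract ("Vulnerability Testing of Software System Using Fault Injection") and the environment-perturbation abstract above rest on the same observation: security flaws surface when the program's interaction with its environment is perturbed, so the test harness perturbs the environment and checks that the program stays within its security invariants. The following added example, written for this page and not the authors' tool, shows that style of harness in Python. The target program (a config loader that honours an `APP_CONFIG` environment variable), the set of perturbations, the "trusted directory" invariant and the hardened variant that fails closed are all constructed assumptions for the illustration.

```python
"""Environment-perturbation harness: run a target under a set of perturbed
environments and classify each run as ok / violation / clean error.

Added illustration of the idea in the two abstracts above, not the authors'
tool.  The target, the perturbations and the invariant are constructed here.
"""
import pathlib
import tempfile
from typing import Callable, Dict

# Constructed file-system state: a trusted config directory and an attacker-writable one.
TRUSTED_DIR = pathlib.Path(tempfile.mkdtemp(prefix="trusted_")).resolve()
UNTRUSTED_DIR = pathlib.Path(tempfile.mkdtemp(prefix="untrusted_")).resolve()
(TRUSTED_DIR / "app.cfg").write_text("admin_password=correct\n")
(TRUSTED_DIR / "empty.cfg").write_text("")
(UNTRUSTED_DIR / "evil.cfg").write_text("admin_password=attacker\n")


def _parse(path: pathlib.Path) -> Dict[str, str]:
    cfg = {}
    for line in path.read_text().splitlines():
        key, _, value = line.partition("=")
        if key.strip():
            cfg[key.strip()] = value.strip()
    return cfg


def load_config(env: Dict[str, str]) -> Dict[str, str]:
    """Target: trusts APP_CONFIG from the environment without validating it."""
    path = pathlib.Path(env.get("APP_CONFIG", str(TRUSTED_DIR / "app.cfg")))
    return _parse(path)


def load_config_hardened(env: Dict[str, str]) -> Dict[str, str]:
    """Hardened variant: only files inside TRUSTED_DIR, and required keys must exist."""
    path = pathlib.Path(env.get("APP_CONFIG", str(TRUSTED_DIR / "app.cfg"))).resolve()
    if TRUSTED_DIR not in path.parents:
        raise PermissionError(f"config outside trusted dir: {path}")
    cfg = _parse(path)
    if "admin_password" not in cfg:
        raise ValueError("config missing admin_password")
    return cfg


# Constructed perturbations of the process environment, one per run.
PERTURBATIONS: Dict[str, Callable[[], Dict[str, str]]] = {
    "baseline":                 lambda: {},
    "env_points_outside_trust": lambda: {"APP_CONFIG": str(UNTRUSTED_DIR / "evil.cfg")},
    "config_file_missing":      lambda: {"APP_CONFIG": str(TRUSTED_DIR / "missing.cfg")},
    "config_file_empty":        lambda: {"APP_CONFIG": str(TRUSTED_DIR / "empty.cfg")},
}


def invariant_holds(cfg: Dict[str, str]) -> bool:
    """Security invariant: the effective admin password must be the trusted one."""
    return cfg.get("admin_password") == "correct"


def run_under_perturbations(target: Callable[[Dict[str, str]], Dict[str, str]]) -> Dict[str, str]:
    """Return {perturbation: 'ok' | 'violation' | 'error:<ExceptionName>'}.

    A clean exception is fail-closed behaviour and is reported separately from a
    'violation', where the target returned normally but broke the invariant.
    """
    results = {}
    for name, make_env in PERTURBATIONS.items():
        try:
            cfg = target(make_env())
        except Exception as exc:  # noqa: BLE001 - the harness must survive any fault
            results[name] = f"error:{type(exc).__name__}"
            continue
        results[name] = "ok" if invariant_holds(cfg) else "violation"
    return results


if __name__ == "__main__":
    for label, target in (("naive", load_config), ("hardened", load_config_hardened)):
        print(label, run_under_perturbations(target))
```

The naive loader passes the baseline but is silently redirected to the attacker's file and silently accepts an empty config; the hardened loader turns both into explicit errors, which is the fault-tolerance property the harness is looking for.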