Dual Security Testing Model for Web Applications
نویسندگان
چکیده
In recent years, web applications have evolved from small websites into large multi-tiered applications. The quality of web applications depends on the richness of contents, well structured navigation and most importantly its security. Web application testing is a new field of research so as to ensure the consistency and quality of web applications. In the last ten years there have been different approaches. Models have been developed for testing web applications but only a few focused on content testing, a few on navigation testing and a very few on security testing of web applications. There is a need to test content, navigation and security of an application in one go. The objective of this paper is to propose Dual Security Testing Model to test the security of web applications using UML modeling technique which includes web socket interface. In this research paper we have described how our security testing model is implemented using activity diagram, activity graph and based on this how test cases are generated. Keywords—Web application testing; Security testing; UML modeling; Web socket programming
منابع مشابه
Semi-Automatic Security Testing of Web Applications with Fault Models and Properties
Web applications are complex and face a significant amount of complex attacks, as well. The complexity makes manual testing of web applications for security issues hard and time consuming, thus, automated testing is preferable. To tackle the complexity, we propose a (semi-)automatic model-based testing approach. Using models, test cases are often generated using structural criteria. Since such ...
متن کاملSecurity testing of session initiation protocol implementations
The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...
متن کاملProtection Tiers and Their Applications for Evaluating Untrusted Code on A Linux-Based Web Server
Evaluating untrusted computer programs online by executing and testing them real-time has a challenging task of protecting the system integrity and the data confidentiality of the computer host. For the web based services on one of the most popular computer platforms, Linux, we propose three security protection tiers of different complexity and resource cost to incorporate the potentially unsaf...
متن کاملSecurity Testing of Web Applications: Issues and Challenges
Due to the increasing complexity of web systems, security testing has become indispensable and critical activity of web application development life cycle. Security testing aims to maintain the confidentiality of the data, to check against any information leakage and to maintain the functionality as intended. It checks whether the security requirements are fulfilled by the web applications when...
متن کاملTesting for Tautology based SQL Injection Attack using Runtime Monitors
Today, all commercial and business applications (ecommerce, banking, blogs, web mail, etc.,) are built as webbased database applications. Increasing prominence and usage of these applications has made them more susceptible to attacks because they store huge amount of sensitive user information. Traditional security mechanisms like network firewalls, intrusion detection systems, and use of encry...
متن کامل