Interaction Platform for Improving Detection Capability of Dynamic Application Security Testing
Jonghwan Im, Jongwon Yoon, Minsik Jin
2017
Abstract
Dynamic application security testing detects security vulnerabilities by sending predefined strings to web applications. If a web application has filters that restrict input parameters, the detection capability of dynamic application security testing is degraded. To solve this problem, interactive application security testing has emerged, in which dynamic application security testing interacts with static application security testing. In this paper, we propose an interactive platform for storing, processing, and distributing information collected from each security test in the software development life cycle. We use this platform to verify that we can detect cross-site scripting vulnerabilities that could not be detected because of web application filters. Experiments with the proposed approach on the cross-site scripting vulnerability test cases of the OWASP Benchmark show that the detection rate of the dynamic analyzer is improved by about 32.11%.
Paper Citation
in Harvard Style
Im J., Yoon J. and Jin M. (2017). Interaction Platform for Improving Detection Capability of Dynamic Application Security Testing. In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017) ISBN 978-989-758-259-2, pages 474-479. DOI: 10.5220/0006437104740479
in Bibtex Style
@conference{secrypt17,
author={Jonghwan Im and Jongwon Yoon and Minsik Jin},
title={Interaction Platform for Improving Detection Capability of Dynamic Application Security Testing},
booktitle={Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017)},
year={2017},
pages={474-479},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006437104740479},
isbn={978-989-758-259-2},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017)
TI - Interaction Platform for Improving Detection Capability of Dynamic Application Security Testing
SN - 978-989-758-259-2
AU - Im J.
AU - Yoon J.
AU - Jin M.
PY - 2017
SP - 474
EP - 479
DO - 10.5220/0006437104740479