Pattern based Web Security Testing

Paulo J. M. Araújo; Ana C. R. Paiva

doi:10.5220/0006606504720479

Pattern based Web Security Testing

Paulo J. M. Araújo, Ana C. R. Paiva

2018

Abstract

This paper presents a Pattern Based Testing approach for testing security aspects of the applications under test (AUT). It describes the two security patterns which are the focus of this work (``Account Lockout'' and ``Authentication Enforcer'') and the test strategies implemented to check if the applications are vulnerable or not regarding these patterns. The PBST (Pattern Based Security Testing) overall approach has two phases: exploration (to identify the web pages of the application under test) and testing (to execute the test strategies developed in order to detect vulnerabilities). An experiment is presented to validate the approach over five public web applications. The goal is to assess the behavior of the tool when varying the upper limit of pages to visit and assess its capacity to find real vulnerabilities. The results are promising. Indeed, it was possible to check that the vulnerabilities detected corresponded to real security problems.

Download

Paper Citation

in Harvard Style

J. M. Araújo P. and C. R. Paiva A. (2018). Pattern based Web Security Testing.In Proceedings of the 6th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD, ISBN 978-989-758-283-7, pages 472-479. DOI: 10.5220/0006606504720479

in Bibtex Style

@conference{modelsward18,
author={Paulo J. M. Araújo and Ana C. R. Paiva},
title={Pattern based Web Security Testing},
booktitle={Proceedings of the 6th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD,},
year={2018},
pages={472-479},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006606504720479},
isbn={978-989-758-283-7},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 6th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD,
TI - Pattern based Web Security Testing
SN - 978-989-758-283-7
AU - J. M. Araújo P.
AU - C. R. Paiva A.
PY - 2018
SP - 472
EP - 479
DO - 10.5220/0006606504720479