Abstract
AbstractThe paper proposes a security testing technique to detect known vulnerabilities of web applications using both static and dynamic analysis. We also present a process to improve the security of web applications by mitigating many of the vulnerabilities revealed in the testing phase, and address a new method for detecting unknown vulnerabilities by applying dynamic black-box testing based on a fuzzing technique. The fuzzing technique includes a structured fuzzing strategy that considers the input data format as well as misuse case generation to enhance the detection rate compared to general fuzzing techniques. To verify the proposed approaches, we conducted an experiment using an open source web application (BugTrack) and web application server (JEUS 6). The experiment results show that our testing technique found 142 vulnerabilities of which we were able to remove or mitigate 138 by employing the principles of secure coding. These results imply that our proposed approaches are effective at detecting and mitigating vulnerabilities of web applications.KeywordsWeb applicationSecurity testingVulnerabilitySecurity
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
