Abstract

The paper proposes a security testing technique that detects known vulnerabilities of web applications using both static and dynamic analysis. We also present a process for improving the security of web applications by mitigating many of the vulnerabilities revealed in the testing phase, and a new method for detecting unknown vulnerabilities by applying dynamic black-box testing based on fuzzing. The fuzzing technique uses a structured fuzzing strategy that takes the input data format into account and generates misuse cases, which raises the detection rate compared with general-purpose fuzzing. To verify the proposed approaches, we conducted an experiment using an open source web application (BugTrack) and a web application server (JEUS 6). Our testing technique found 142 vulnerabilities, of which we were able to remove or mitigate 138 by applying the principles of secure coding. These results indicate that the proposed approaches are effective at detecting and mitigating vulnerabilities in web applications.

Keywords: Web application; Security testing; Vulnerability; Security
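The abstract describes a format-aware fuzzing strategy combined with misuse-case generation, and a secure-coding pass that removes most of what the fuzzer finds. The following is an added illustration of that workflow, not code from the paper or from the BugTrack/JEUS experiment: a constructed "new issue" form specification (the field names, the two handlers, the payload list and the SQLite-backed store are all hypothetical) is fuzzed field by field with values derived from each field's declared format plus generic misuse payloads, first against a deliberately weak handler and then against one rewritten with input validation, parameterized queries and output escaping. The oracle treats an unhandled exception as a server error, an XSS payload that comes back verbatim as an unescaped reflection, and a 201 for out-of-format input as a missing validation check.

```python
"""Structured fuzzing of a web form handler, before and after secure-coding fixes.

Added example; hypothetical form, handlers and payloads, not the paper's tool.
"""
import html
import re
import sqlite3

# Constructed form specification for a "new issue" page (hypothetical).
ISSUE_FORM = {
    "title": {"type": "string", "max_len": 80},
    "priority": {"type": "int", "min": 1, "max": 5},
    "reporter": {"type": "email"},
}
BASELINE = {"title": "Login page fails", "priority": "3", "reporter": "alice@example.com"}

# Misuse-case payloads applied to every field regardless of its declared type.
MISUSE_CASES = [
    ("sqli", "x'; DROP TABLE issue; --"),
    ("xss", "<script>alert(1)</script>"),
    ("traversal", "../../etc/passwd"),
]
# Format-derived cases that a correct handler must reject with a 4xx.
INVALID_LABELS = {"empty", "over_length", "below_min", "above_max",
                  "huge", "not_a_number", "malformed"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def structured_values(spec):
    """Yield (case_label, value) pairs derived from the field's declared format."""
    t = spec["type"]
    if t == "int":
        lo, hi = spec["min"], spec["max"]
        yield from [("valid", str(lo)), ("below_min", str(lo - 1)),
                    ("above_max", str(hi + 1)), ("huge", str(2 ** 63)),
                    ("not_a_number", "5abc")]
    elif t == "string":
        yield from [("valid", "Login page fails"), ("empty", ""),
                    ("over_length", "A" * spec["max_len"] * 10)]
    elif t == "email":
        yield from [("valid", "alice@example.com"), ("malformed", "alice@@example")]
    yield from MISUSE_CASES  # misuse cases are type-independent


def vulnerable_create_issue(conn, req):
    """Weak handler: no validation, SQL built by string formatting, output unescaped."""
    sql = "INSERT INTO issue(title, priority, reporter) VALUES ('%s', %s, '%s')" % (
        req["title"], req["priority"], req["reporter"])
    conn.execute(sql)
    return 201, "<h1>Created: %s</h1>" % req["title"]


def validate(form, req):
    """Whitelist validation against the field spec; None means reject the request."""
    clean = {}
    for name, spec in form.items():
        v = req.get(name, "")
        if spec["type"] == "int":
            if not v.isdigit() or not spec["min"] <= int(v) <= spec["max"]:
                return None
            clean[name] = int(v)
        elif spec["type"] == "string":
            if not 0 < len(v) <= spec["max_len"]:
                return None
            clean[name] = v
        elif spec["type"] == "email":
            if len(v) > 254 or not EMAIL_RE.match(v):
                return None
            clean[name] = v
    return clean


def hardened_create_issue(conn, req):
    """Secure-coding version: validate, bind parameters, escape output."""
    clean = validate(ISSUE_FORM, req)
    if clean is None:
        return 400, "<h1>Invalid input</h1>"
    conn.execute("INSERT INTO issue(title, priority, reporter) VALUES (?, ?, ?)",
                 (clean["title"], clean["priority"], clean["reporter"]))
    return 201, "<h1>Created: %s</h1>" % html.escape(clean["title"])


def fuzz(handler, form=ISSUE_FORM, baseline=BASELINE):
    """Mutate one field at a time; return (field, case, finding) triples."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE issue(title TEXT, priority INTEGER, reporter TEXT)")
    findings = []
    for field, spec in form.items():
        for label, value in structured_values(spec):
            req = dict(baseline, **{field: value})
            try:
                status, body = handler(conn, req)
            except Exception as exc:  # unhandled exception == HTTP 500 in a real server
                findings.append((field, label, "crash:" + type(exc).__name__))
                continue
            if status == 201 and label == "xss" and value in body:
                findings.append((field, label, "reflected_unescaped"))
            elif status == 201 and label in INVALID_LABELS:
                findings.append((field, label, "accepted_invalid"))
    return findings


if __name__ == "__main__":
    before, after = fuzz(vulnerable_create_issue), fuzz(hardened_create_issue)
    print("vulnerable handler: %d findings" % len(before))
    for finding in before:
        print("  ", finding)
    print("hardened handler:   %d findings" % len(after))
```

The point of deriving cases from the field specification rather than from random byte mutation is that every generated value is one the application is expected to parse: a priority of 6 or a 5abc, an empty title, a malformed e-mail address. Against a real deployment the crash oracle would be an HTTP 500 or a stack trace in the response, and the reflection oracle would also inspect response headers for header-injection payloads; those checks are omitted here because the toy handlers return only a status and a body.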
