Abstract

This article introduces a new method for knowledge-based security testing by logic programming and the related tool implementation for model-based non-functional security testing of web applications. Our method helps to overcome the current prevalent focus on functional instead of non-functional (or negative) requirements as well as the required high level of security knowledge when performing non-functional security testing. It addresses issues like considering non-functional requirements for testing, managing the virtually infinite amount of negative security test cases, advancing non-functional security testing away from its prevalent penetration testing-like style, and making non-functional security testing feasible for testers that are not experts in security via a security knowledge base. The method and its model-based tool implementation are evaluated in two studies, which show the method’s effectiveness in detecting vulnerabilities in web applications and thus, also its value in making software system more secure.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Coverage Criteria for Automatic Security Testing of Web Applications
Thanh Binh Dao ... Etsuya Shibayama
-
Thanh Binh Dao, et. al.Thanh Binh Dao ... Etsuya Shibayama
01 Jan 2009
Automating the Detection of Access Control Vulnerabilities in Web Applications
Marc Rennhard ... Valentin Zahnd
SN Computer Science | VOL. 3
Marc Rennhard, et. al.Marc Rennhard ... Valentin Zahnd
15 Jul 2022
Security testing of web applications: A systematic mapping of the literature
Murat Aydos ... Alperen Soydan
Journal of King Saud University - Computer and Information Sciences | VOL. 34
Murat Aydos, et. al.Murat Aydos ... Alperen Soydan
22 Sep 2021
Detection of XSS Vulnerabilities of Web Application Using Security Testing Approaches
Sanjukta Mohanty ... Arup Abhinna Acharya
-
Sanjukta Mohanty, et. al.Sanjukta Mohanty ... Arup Abhinna Acharya
29 Aug 2020
View more papers

More From: International Journal on Software Tools for Technology Transfer

Paper Title
Journal
Date
Author
Interactive abstract interpretation: reanalyzing multithreaded C programs for cheap
Julian Erhard ... Simmo Saan
International Journal on Software Tools for Technology Transfer | VOL. -
Julian Erhard, et. al.Julian Erhard ... Simmo Saan
25 Sep 2024
Open source container orchestration for Industry 4.0 – requirements and systematic feature analysis
Ahmad Alamoush ... Holger Eichelberger
International Journal on Software Tools for Technology Transfer | VOL. 26
Ahmad Alamoush, et. al.Ahmad Alamoush ... Holger Eichelberger
18 Sep 2024
State of the art in program analysis
Pietro Ferrara ... Liana Hadarean
International Journal on Software Tools for Technology Transfer | VOL. -
Pietro Ferrara, et. al.Pietro Ferrara ... Liana Hadarean
13 Sep 2024
When long jumps fall short: control-flow tracking and misuse detection for nonlocal jumps in C
Julian Erhard ... Helmut Seidl
International Journal on Software Tools for Technology Transfer | VOL. 26
Julian Erhard, et. al.Julian Erhard ... Helmut Seidl
29 Aug 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.