Ontology-driven Security Testing of Web Applications

Abstract

Vulnerabilities in existing software systems represent a great challenge for security assurance, where well known attacks like cross-site scripting (XSS) or SQL injections (SQLI) still represent a common threat for today's web applications. Failure to cover these issues in verification might result in unforeseen consequences for users of such software systems. For this reason, we have to come up with a rigorous testing approach should that should combine knowledge about common attacks and the system under test. Ontologies, which is a concept originating from philosophy and also considered in AI research, provide means for formalizing such knowledge from which we want to obtain test cases in an automated fashion. In this paper, we follow this idea and present a security testing approach that relies on ontologies of attacks and the system under test. In particular, the used ontology depicts information from the domain of web applications as well as their communication protocol. Actually, such a model represents an attack ontology that serves as the initial step in a test generation process. In turn, the inferred output is used in order to test a SUT for vulnerabilities. The test case generation process converts ontologies into input models for combinatorial testing (CT), from which we obtain abstract test cases that can be automatically mapped to concrete ones. Besides outlining the foundations behind this approach, we also show its applicability considering case studies from the domain of web applications.