Security Testing Framework for Web Applications

Abstract

The growth of web-based applications has increased tremendously from last two decades. While these applications bring huge benefits to society, yet they suffer from various security threats. Although there exist various techniques to ensure the security of web applications, still a large number of applications suffer from a wide variety of attacks and result in financial loses. In this article, a security-testing framework for web applications is proposed with an argument that security of an application should be tested at every stage of software development life cycle (SDLC). Security testing is initiated from the requirement engineering phase using a keyword-analysis phase. The output of the first phase serves as input to the next phase. Different case study applications indicate that the framework assists in early detection of security threats and applying appropriate security measures. The results obtained from the implementation of the proposed framework demonstrated a high detection ratio with a less false-positive rate.