Security testing technology based on the provisions of the simulation models scaling theory

Abstract

The simulation model of web- application security testing technologies is improved in the work. The basis of the development is the basic provisions of the theory of scaling imitation models in the framework of algorithmic simplification based on the evaluation of transitive dependence on management and data. A distinctive feature of the developed simulation model is the adaptation of the choice of input control-flow statements and data to an increase in the requirements for the speed of development and implementation of the model, which resulted in the implementation of the procedure for interacting with a real browser using browser automation tools and generating attack data in several dialects. In order to reduce the time spent on simulation modeling, it was decided to conduct scaling by replacing the information exchange procedures with the server using an HTTP client with the procedures of interacting with a real browser using browser automation tools. In addition to the main purpose of scaling, this replacement will increase the reliability of the result of testing the attack with the injection of JavaScript code. In this case, the Selenium Webdriver library was chosen as a mean of browser automation. One of the difficulties of testing vulnerability to SQL injections is a large number of SQL dialects depending on the database management system used. This fact forces the generation of data for an attack in several dialects to maximize coverage of attack vectors. On the one hand, this increases the amount of input data of the simulation model, increases the complexity of the project and negatively affects the overall time characteristics of implementation and testing of the vulnerability. On the other hand, using the proposed scaling approach, the complexity of the project can be significantly reduced without degrading the qualitative characteristics. The proposed approach of algorithmic simplification of simulation modeling is based on advanced procedures for estimating transitive control and data dependencies. The admissibility and expediency of using the estimation of the transitive dependency has been determined, which will reduce the computational complexity of the implemented algorithms in comparison with the algorithms for estimating the direct dependency up to 1,5 times.