A testing framework for Web application security assessment

Yao Wen Huang; Chung Hung Tsai; Tsung Po Lin; Shih-Kun Huang; D. T. Lee; Sy Yen Kuo

doi:10.1016/j.comnet.2005.01.003

A testing framework for Web application security assessment

Yao Wen Huang^*, Chung Hung Tsai, Tsung Po Lin, Shih-Kun Huang, D. T. Lee, Sy Yen Kuo

^*Corresponding author for this work

Department of Computer Science

Research output: Contribution to journal › Article › peer-review

57 Scopus citations

Abstract

The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES)-a black-box testing framework for automated Web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security.

Original language	English
Pages (from-to)	739-761
Number of pages	23
Journal	Computer Networks
Volume	48
Issue number	5
DOIs	https://doi.org/10.1016/j.comnet.2005.01.003
State	Published - 5 Aug 2005

Keywords

Black-box testing
Complete crawling
Fault injection
Security assessment
Web application testing

Access to Document

10.1016/j.comnet.2005.01.003

Cite this

@article{84aa93a5b77340d0a85af36c96aca960,

title = "A testing framework for Web application security assessment",

abstract = "The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES)-a black-box testing framework for automated Web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security.",

keywords = "Black-box testing, Complete crawling, Fault injection, Security assessment, Web application testing",

author = "Huang, {Yao Wen} and Tsai, {Chung Hung} and Lin, {Tsung Po} and Shih-Kun Huang and Lee, {D. T.} and Kuo, {Sy Yen}",

year = "2005",

month = aug,

day = "5",

doi = "10.1016/j.comnet.2005.01.003",

language = "English",

volume = "48",

pages = "739--761",

journal = "Computer Networks",

issn = "1389-1286",

publisher = "Elsevier B.V.",

number = "5",

}

TY - JOUR

T1 - A testing framework for Web application security assessment

AU - Huang, Yao Wen

AU - Tsai, Chung Hung

AU - Lin, Tsung Po

AU - Huang, Shih-Kun

AU - Lee, D. T.

AU - Kuo, Sy Yen

PY - 2005/8/5

Y1 - 2005/8/5

N2 - The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES)-a black-box testing framework for automated Web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security.

AB - The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES)-a black-box testing framework for automated Web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security.

KW - Black-box testing

KW - Complete crawling

KW - Fault injection

KW - Security assessment

KW - Web application testing

UR - http://www.scopus.com/inward/record.url?scp=18844454053&partnerID=8YFLogxK

U2 - 10.1016/j.comnet.2005.01.003

DO - 10.1016/j.comnet.2005.01.003

M3 - Article

AN - SCOPUS:18844454053

SN - 1389-1286

VL - 48

SP - 739

EP - 761

JO - Computer Networks

JF - Computer Networks

IS - 5

ER -

A testing framework for Web application security assessment

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this