Plan It! Automated Security Testing Based on Planning

Abstract : Testing of web applications for common vulnerabilities still represents a major challenge in the area of security testing. The objective here is not necessarily to find new vulnerabilities but to ensure that the web application handles well-known attack patterns in a reliable way. Previously developed methods based on formalizing attack patterns contribute to the underlying challenge. However, the adaptation of the attack models is not easy and requires substantial effort. In order to make modeling easier we suggest representing attacks as a sequence of known actions that have to be carried out in order to be successful. Each action has some pre conditions and some effects. Hence, we are able to represent testing in this context as a planning problem where the goal is to break the application under test. In the paper, we discuss the proposed planning based testing approach, introduce the underlying concepts and definitions, and present some experimental results obtained from an implementation.
Document type :
Conference papers
Mercedes G. Merayo; Edgardo Montes Oca. 26th IFIP International Conference on Testing Software and Systems (ICTSS), Sep 2014, Madrid, Spain. Springer, Lecture Notes in Computer Science, LNCS-8763, pp.48-62, 2014, Testing Software and Systems. 〈10.1007/978-3-662-44857-1_4〉
Liste complète des métadonnées

Cited literature [19 references]  Display  Hide  Download

https://hal.inria.fr/hal-01405274
Contributor : Hal Ifip <>
Submitted on : Tuesday, November 29, 2016 - 4:39:18 PM
Last modification on : Tuesday, November 29, 2016 - 4:48:50 PM
Document(s) archivé(s) le : Monday, March 27, 2017 - 7:07:10 AM

File

978-3-662-44857-1_4_Chapter.pd...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Franz Wotawa, Josip Bozic. Plan It! Automated Security Testing Based on Planning. Mercedes G. Merayo; Edgardo Montes Oca. 26th IFIP International Conference on Testing Software and Systems (ICTSS), Sep 2014, Madrid, Spain. Springer, Lecture Notes in Computer Science, LNCS-8763, pp.48-62, 2014, Testing Software and Systems. 〈10.1007/978-3-662-44857-1_4〉. 〈hal-01405274〉

Share

Metrics

Record views

88

Files downloads

31