Skip to Main content Skip to Navigation
Conference papers

Plan It! Automated Security Testing Based on Planning

Abstract : Testing of web applications for common vulnerabilities still represents a major challenge in the area of security testing. The objective here is not necessarily to find new vulnerabilities but to ensure that the web application handles well-known attack patterns in a reliable way. Previously developed methods based on formalizing attack patterns contribute to the underlying challenge. However, the adaptation of the attack models is not easy and requires substantial effort. In order to make modeling easier we suggest representing attacks as a sequence of known actions that have to be carried out in order to be successful. Each action has some pre conditions and some effects. Hence, we are able to represent testing in this context as a planning problem where the goal is to break the application under test. In the paper, we discuss the proposed planning based testing approach, introduce the underlying concepts and definitions, and present some experimental results obtained from an implementation.
Complete list of metadata

Cited literature [19 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Tuesday, November 29, 2016 - 4:39:18 PM
Last modification on : Tuesday, November 29, 2016 - 4:48:50 PM
Long-term archiving on: : Monday, March 27, 2017 - 7:07:10 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Franz Wotawa, Josip Bozic. Plan It! Automated Security Testing Based on Planning. 26th IFIP International Conference on Testing Software and Systems (ICTSS), Sep 2014, Madrid, Spain. pp.48-62, ⟨10.1007/978-3-662-44857-1_4⟩. ⟨hal-01405274⟩



Record views


Files downloads