Plan It! Automated Security Testing Based on Planning

Abstract: Testing of web applications for common vulnerabilities still represents a major challenge in the area of security testing. The objective here is not necessarily to find new vulnerabilities but to ensure that the web application handles well-known attack patterns in a reliable way. Previously developed methods based on formalizing attack patterns contribute to addressing the underlying challenge. However, the adaptation of the attack models is not easy and requires substantial effort. In order to make modeling easier, we suggest representing attacks as a sequence of known actions that have to be carried out in order to be successful. Each action has some preconditions and some effects. Hence, we are able to represent testing in this context as a planning problem where the goal is to break the application under test. In the paper, we discuss the proposed planning-based testing approach, introduce the underlying concepts and definitions, and present some experimental results obtained from an implementation.
Document type:
Conference paper
Mercedes G. Merayo; Edgardo Montes Oca. 26th IFIP International Conference on Testing Software and Systems (ICTSS), Sep 2014, Madrid, Spain. Springer, Lecture Notes in Computer Science, LNCS-8763, pp.48-62, 2014, Testing Software and Systems. 〈10.1007/978-3-662-44857-1_4〉

Cited literature [19 references]

https://hal.inria.fr/hal-01405274
Contributor: Hal Ifip
Submitted on: Tuesday, November 29, 2016 - 16:39:18
Last modified on: Tuesday, November 29, 2016 - 16:48:50
Document(s) archived on: Monday, March 27, 2017 - 07:07:10

File

978-3-662-44857-1_4_Chapter.pd...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Franz Wotawa, Josip Bozic. Plan It! Automated Security Testing Based on Planning. Mercedes G. Merayo; Edgardo Montes Oca. 26th IFIP International Conference on Testing Software and Systems (ICTSS), Sep 2014, Madrid, Spain. Springer, Lecture Notes in Computer Science, LNCS-8763, pp.48-62, 2014, Testing Software and Systems. 〈10.1007/978-3-662-44857-1_4〉. 〈hal-01405274〉

Metrics

Record views

82

File downloads

26