Evaluation of the IPO-Family algorithms for test case generation in web security testing

Božić, Josip; Garn, Bernhard; Simos, Dimitris E.; Wotawa, Franz

doi:10.1109/icstw.2015.7107436

Cited by 21 publications

(8 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…-In the majority of our past security testing experiments [2], [3], [7] we have witnessed that higher strength interaction testing yields better results w.r.t. exploitation rate.…”

Section: Combinatorial Testing For Web Security Testingmentioning

confidence: 96%

“…Combinatorial testing has been successfully applied for testing (critical) software systems in large organizations [11]. It is an already proven method for blackbox security testing of large-scale web software systems [7], [3], [2] where t-way testing was applied successfully to XSS detection. In this section, we review these key contributions in web security testing that are based on combinatorial methods and are used as a basis for analyzing XSS vulnerabilities via fault localization methods throughout this paper.…”

Section: Combinatorial Testing For Web Security Testingmentioning

confidence: 99%

“…However, we were still able to exploit XSS vulnerabilities using a 4-way test set. -An important finding in the post-processing of 2-way test sets used in [3] was that it revealed a surprising high percentage of 3-way and 4-way combinations covered in the successful XSS attack vectors (per test set and SUT).…”

Section: Combinatorial Testing For Web Security Testingmentioning

confidence: 99%

See 2 more Smart Citations

A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing

Simos

Kleine

Ghandehari

et al. 2016

Testing Software and Systems

Self Cite

View full text Add to dashboard Cite

Web applications typically employ sanitization functions to sanitize user inputs, independently whether this input is assumed to be legitimate, invalid or malicious. When such functions do not work correctly, a web application immediately becomes vulnerable to security attacks such as XSS. In this paper, we report a combinatorial approach to analyze XSS vulnerabilities in web applications. Our approach first performs combinatorial testing where a set of test vectors is executed against a subject application. If one or more XSS vulnerabilities are triggered during testing, we analyze the structure of each test vector to identify XSS-inducing combinations of its parameter model. If an attack vector contains an XSS-inducing combination, then the execution of this vector will successfully exploit an XSS vulnerability. Identification of XSS-inducing combinations provides insights about which kinds of user input might still be leverageable for XSS attacks and how to correct the function to provide better security guarantees. We conducted an experiment in which our approach was applied to four sanitization functions from the Web Application Vulnerability Scanner Evaluation Project (WAVSEP). The experimental results show that our approach can effectively identify XSS-inducing combinations for these sanitization functions.

show abstract

“…-In the majority of our past security testing experiments [2], [3], [7] we have witnessed that higher strength interaction testing yields better results w.r.t. exploitation rate.…”

Section: Combinatorial Testing For Web Security Testingmentioning

confidence: 96%

Section: Combinatorial Testing For Web Security Testingmentioning

confidence: 99%

Section: Combinatorial Testing For Web Security Testingmentioning

confidence: 99%

See 1 more Smart Citation

A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing

Simos

Kleine

Ghandehari

et al. 2016

Testing Software and Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…The combinatorial test design process for XSS attack vector generation, has been explained in detail in [6], [10].…”

Section: Bnf Grammar For Xss Attack Vectorsmentioning

confidence: 99%

Attack Pattern-Based Combinatorial Testing with Constraints for Web Security Testing

Božić

Garn

Kapsalis

et al. 2015

2015 IEEE International Conference on Software Quality, Reliability and Security

Self Cite

View full text Add to dashboard Cite

Security testing of web applications remains a major problem of software engineering. In order to reveal vulnerabilities, manual and automatic testing approaches use different strategies for detection of certain kinds of inputs that might lead to a security breach. In this paper we compared a state-of-the-art manual testing tool with an automated one that is based on model-based testing. The first tool requires user input from the tester whereas the second one reduces the necessary amount of manual manipulation. Both approaches depend on the corresponding test case generation technique and its produced inputs are executed against the system under test (SUT). For this case we enhance a novel technique, which combines a combinatorial testing technique for input generation and a model-based technique for test execution. In this work the input parameter modelling is improved by adding constraints to generate more comprehensive and sophisticated testing inputs. The evaluated results indicate that both techniques succeed in detecting security leaks in web applications with different results, depending on the background logic of the testing approach. Last but not least, we claim that attack pattern-based combinatorial testing with constraints can be an alternative method for web application security testing, especially when we compare our method to other test generation techniques like fuzz testing.

show abstract

“…The metrics and evaluation method used is a typical example of the construct threats, which concern whether the metrics/evaluation method can reflect what we intend to measure. In our work, the metrics studied are widely used in this field of research [59,60] and they serves as quality indicator for different aspects of SQLi testing. To mitigate the randomness introduced by the training, we repeat 20 experiment runs for each tool under a SUT.…”

Section: Threats To Validitymentioning

confidence: 99%

DeepSQLi: Deep Semantic Learning for Testing SQL Injection

Liu

Chen

2020

Preprint

View full text Add to dashboard Cite

Security is unarguably the most serious concern for Web applications, to which SQL injection (SQLi) attack is one of the most devastating attacks. Automatically testing SQLi vulnerabilities is of ultimate importance, yet is unfortunately far from trivial to implement. This is because the existence of a huge, or potentially infinite, number of variants and semantic possibilities of SQL leading to SQLi attacks on various Web applications. In this paper, we propose a deep natural language processing based tool, dubbed DeepSQLi, to generate test cases for detecting SQLi vulnerabilities. Through adopting deep learning based neural language model and sequence of words prediction, DeepSQLi is equipped with the ability to learn the semantic knowledge embedded in SQLi attacks, allowing it to translate user inputs (or a test case) into a new test case, which is semantically related and potentially more sophisticated. Experiments are conducted to compare DeepSQLi with SQLmap, a state-of-the-art SQLi testing automation tool, on six real-world Web applications that are of different scales, characteristics and domains. Empirical results demonstrate the effectiveness and the remarkable superiority of DeepSQLi over SQLmap, such that more SQLi vulnerabilities can be identified by using a less number of test cases, whilst running much faster.

show abstract

Evaluation of the IPO-Family algorithms for test case generation in web security testing

Cited by 21 publications

References 35 publications

A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing

A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing

Attack Pattern-Based Combinatorial Testing with Constraints for Web Security Testing

DeepSQLi: Deep Semantic Learning for Testing SQL Injection

Contact Info

Product

Resources

About