2009 33rd Annual IEEE International Computer Software and Applications Conference 2009
DOI: 10.1109/compsac.2009.189

GUI-Based Testing of Boundary Overflow Vulnerability

Abstract: Boundary overflows are caused by violation of constraints, mostly limiting the range of internal values of a program, and can be provoked by an intruder to gain control of or access to stored data. In order to countermeasure this well-known vulnerability issue, this paper focuses on input validation of graphical user interfaces (GUI). The approach proposed generates test cases for numerical inputs based on GUI specification through decision tables. If boundary overflow error(s) are detected, the source code …

Citations: cited by 4 publications (5 citation statements)
References: 10 publications
“…The tools sqlmap and Wapiti did not detect the vulnerability, although according to the previously mentioned security test tool evaluation 7 both tools found all SQL injection vulnerabilities. Our presented approach did, however, find it.…”
Section: A Security Test Tool Benchmark (mentioning)
confidence: 99%
“…Various possible behavior aspects can be monitored for such security tests to automatically detect security errors. Monitoring the Graphical User Interface (GUI) is shown by Tuglular et al [7]. Antunes and Vieira [8] presented an approach for monitoring the SUT during penetration tests to detect injection vulnerabilities.…”
Section: Related Work (mentioning)
confidence: 99%
“…Equivalence class partitioning and boundary value approaches support the test case generation process [1,2]. This paper is an extension of our preliminary work [26], where we introduced algorithms for detection and correction of boundary overflow vulnerabilities through static analysis. The novelty of the present paper stems from following:…”
Section: Introduction (mentioning)
confidence: 99%
“…When the structure of a GUI is modified, test cases from the original GUI's suite are either reusable or unusable on the modified GUI. We developed algorithms to (1) automatically determine the usable and unusable test cases from a test suite after a GUI modification, (2) determine the unusable test cases that can be repaired so that they can execute on the modified GUI, and (3) use repairing transformations to repair the test cases. The challenges of repairing sequences were fewer in the context of regression testing because we used the differences between the two versions' EFGs to drive the repairs.…”
Section: A GUI Testing (mentioning)
confidence: 99%
“…Black-box testing of programs with Graphical User Interfaces (or GUIs) can be achieved by executing sequences of events based on a model of the GUI [1], [2]. Test cases define sequences of behavior; i.e., these are subsets of the specifications of behavior for the program.…”
Section: Introduction (mentioning)
confidence: 99%