Search-based security testing of web applications

Thomé, Julian; Gorla, Alessandra; Zeller, Andreas

doi:10.1145/2593833.2593835

Cited by 30 publications

(20 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As the app is executed, screenshots and GUI-related metadata can be automatically extracted for each unique observed screen or layout of an app. Other similar automated GUI-ripping or crawling approaches can also be adapted for other platforms such as the web [77], [78], [79], [80], [81].…”

Section: Phase 21 -Large-scale Software Repository Mining and Dynamimentioning

confidence: 99%

Machine Learning-Based Prototyping of Graphical User Interfaces for Mobile Apps

Moran

Bernal-Cárdenas

Curcio

et al. 2020

IIEEE Trans. Software Eng.

164

120

View full text Add to dashboard Cite

It is common practice for developers of user-facing software to transform a mock-up of a graphical user interface (GUI) into code. This process takes place both at an application's inception and in an evolutionary context as GUI changes keep pace with evolving features. Unfortunately, this practice is challenging and time-consuming. In this paper, we present an approach that automates this process by enabling accurate prototyping of GUIs via three tasks: detection, classification, and assembly. First, logical components of a GUI are detected from a mock-up artifact using either computer vision techniques or mock-up metadata. Then, software repository mining, automated dynamic analysis, and deep convolutional neural networks are utilized to accurately classify GUI-components into domain-specific types (e.g., toggle-button). Finally, a data-driven, K-nearest-neighbors algorithm generates a suitable hierarchical GUI structure from which a prototype application can be automatically assembled. We implemented this approach for Android in a system called REDRAW. Our evaluation illustrates that REDRAW achieves an average GUI-component classification accuracy of 91% and assembles prototype applications that closely mirror target mock-ups in terms of visual affinity while exhibiting reasonable code structure. Interviews with industrial practitioners illustrate ReDraw's potential to improve real development workflows.

show abstract

Section: Phase 21 -Large-scale Software Repository Mining and Dynamimentioning

confidence: 99%

Machine Learning-Based Prototyping of Graphical User Interfaces for Mobile Apps

Moran

Bernal-Cárdenas

Curcio

et al. 2020

IIEEE Trans. Software Eng.

164

120

View full text Add to dashboard Cite

show abstract

“…Thomé et al [68] proposed a search-based testing approach to detect SQL injection vulnerabilities in web applications. Their approach evolves inputs by assessing the effects on SQL interactions between the web server and database with the goal of exposing SQL injection vulnerabilities.…”

Section: Related Workmentioning

confidence: 99%

“…Our work is also based on evolving test inputs but for XML injection instead of SQL. Moreover, Thomé et al [68] used a fitness function based on a number of factors to measure the likelihood of the SQLi attacks. Instead, we use a fitness function based on the distance between the SUT's outputs and test objectives based on attack patterns.…”

Section: Related Workmentioning

confidence: 99%

Automatic Generation of Tests to Exploit XML Injection Vulnerabilities in Web Applications

Jan

Panichella

Arcuri

et al. 2019

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

Abstract-Modern enterprise systems can be composed of many web services (e.g., SOAP and RESTful). Users of such systems might not have direct access to those services, and rather interact with them through a single-entry point which provides a GUI (e.g., a web page or a mobile app). Although the interactions with such entry point might be secure, a hacker could trick such systems to send malicious inputs to those internal web services. A typical example is XML injection targeting SOAP communications. Previous work has shown that it is possible to automatically generate such kind of attacks using search-based techniques. In this paper, we improve upon previous results by providing more efficient techniques to generate such attacks. In particular, we investigate four different algorithms and two different fitness functions. A large empirical study, involving also two industrial systems, shows that our technique is effective at automatically generating XML injection attacks.

show abstract

“…Challenges 2, 4, and 5 are addressed by security testing approaches [1,2,16,20,37] and dynamic analysis-based security attack detection approaches [10, 24, 31-33, 35, 36]. These approaches can be used to detect XSS, SQLi, XMLi, XPathi, and LDAPi vulnerabilities.…”

Section: Introductionmentioning

confidence: 99%

“…Challenge 6 is generally addressed by black-box security testing approaches [2,16,37] because they are agnostic with respect to the programming language of the system under test. However, this is the same reason for which these approaches cannot locate vulnerabilities in the source code (challenge 1).…”

Section: Introductionmentioning

confidence: 99%

JoanAudit: a tool for auditing common injection vulnerabilities

Thomé

Shar

Bianculli

et al. 2017

Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering

Self Cite

View full text Add to dashboard Cite

JoanAudit is a static analysis tool to assist security auditors in auditing Web applications and Web services for common injection vulnerabilities during software development. It automatically identifies parts of the program code that are relevant for security and generates an HTML report to guide security auditors audit the source code in a scalable way. JoanAudit is configured with various security-sensitive input sources and sinks relevant to injection vulnerabilities and standard sanitization procedures that prevent these vulnerabilities. It can also automatically fix some cases of vulnerabilities in source code -cases where inputs are directly used in sinks without any form of sanitization -by using standard sanitization procedures. Our evaluation shows that by using JoanAudit, security auditors are required to inspect only 1% of the total code for auditing common injection vulnerabilities. The screen-cast demo is available at https://github.com/julianthome/joanaudit. CCS CONCEPTS• Security and privacy → Information flow control; • Software and its engineering → Automated static analysis;

show abstract

Search-based security testing of web applications

Cited by 30 publications

References 28 publications

Machine Learning-Based Prototyping of Graphical User Interfaces for Mobile Apps

Machine Learning-Based Prototyping of Graphical User Interfaces for Mobile Apps

Automatic Generation of Tests to Exploit XML Injection Vulnerabilities in Web Applications

JoanAudit: a tool for auditing common injection vulnerabilities

Contact Info

Product

Resources

About