Proceedings of the Twelfth International Conference on World Wide Web - WWW '03 2003
DOI: 10.1145/775152.775174

Web application security assessment by fault injection and behavior monitoring

Cited by 236 publications (153 citation statements)
References 24 publications
“…Most previous researches [10,15,16,17] endeavor to exploit various vulnerabilities within web applications. For instance, SecuBat [18] is used to identify input validation vulnerabilities.…”
Section: Related Work (mentioning)
confidence: 99%
“…A number of testing tools, both open-source, e.g., Spike, Burp, and commercial, e.g., IBM AppScan, have been proposed for identifying input validation vulnerabilities within web applications [16]. They feed random inputs from a library of known attack patterns into applications.…”
Section: Related Work (mentioning)
confidence: 99%
“…We go along the same lines in this paper, but with a specific focus on XSS test selection and systematic benchmarking through testing (and we do not bypass client-side browser mechanisms since it's a part of the XSS target). Similarly to Su's statements [19], Huang et al. [20] propose to mutate and inject faulty inputs, including SQL injection and XSS against web application (WAVES tool), but do not provide a diagnosis technique to distinguish the various security layers and validate the capacity of an XSS vector to pass in a web browser or not. The only XSS test case evaluation methodology we found was done using mutation based testing [21]: a test data set was qualified by mutating the PHP code of five web applications.…”
Section: Related Work (mentioning)
confidence: 99%
“…Testing software functionality according to Huang (2003) includes testing SQL Injection and Cross-Site Scripting (XSS) [2] so that ATLAS software to be able to meet the quality of software components must be able to counteract the functionality of SQL injection and XSS. The following information passed in the Table means that the program cannot be used via script injection.…”
Section: B Analysis Of Software Quality 1) Functionality Testing Res (mentioning)
confidence: 99%