Abstract
We present an automatic test approach for improving the security of web applications. It detects vulnerable spots by black-box testing in three phases: crawl, test, and report. The test process covers security blind spots across the development life cycle and faults in the web application and in the server setup, examined from the viewpoints of various attackers. The approach is applied to web applications in industry, analyzed, and compared with an existing test tool.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Choi, K.C., Lee, G.H. (2006). Automatic Test Approach of Web Application for Security (AutoInspect). In: Gavrilova, M.L., et al. Computational Science and Its Applications - ICCSA 2006. ICCSA 2006. Lecture Notes in Computer Science, vol 3983. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11751632_72
DOI: https://doi.org/10.1007/11751632_72
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34077-5
Online ISBN: 978-3-540-34078-2
eBook Packages: Computer Science (R0)