Security Testing Based on Attack Patterns

Security Testing Based on Attack Patterns

Testing for security related issues is an important task of growing interest due to the vast amount of applications and services available over the internet. In practice testing for security often is performed manually with the consequences of higher costs, and no integration of security testing wit...

Full description

Saved in:
Bibliographic Details
Published in:2014 IEEE Seventh International Conference on Software Testing, Verification and Validation Workshops pp. 4 - 11
Main Authors: Bozic, Josip, Wotawa, Franz
Format: Conference Proceeding
Language:English
Published: IEEE 01-03-2014
Subjects:
Adaptation models
Attack pattern
cross-site scripting
HTML
model-based testing
Security
security testing
Software
SQL injection
Testing
UML state machine
Unified modeling language
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Testing for security related issues is an important task of growing interest due to the vast amount of applications and services available over the internet. In practice testing for security often is performed manually with the consequences of higher costs, and no integration of security testing with today's agile software development processes. In order to bring security testing into practice, many different approaches have been suggested including fuzz testing and model-based testing approaches. Most of these approaches rely on models of the system or the application domain. In this paper we suggest to formalize attack patterns from which test cases can be generated and even executed automatically. Hence, testing for known attacks can be easily integrated into software development processes where automated testing, e.g., for daily builds, is a requirement. The approach makes use of UML state charts. Besides discussing the approach, we illustrate the approach using a case study.
DOI:10.1109/ICSTW.2014.58