A testing framework for Web application security assessment

標題:	A testing framework for Web application security assessment
作者:	Huang, YW Tsai, CH Lin, TP Huang, SK Lee, DT Kuo, SY 資訊工程學系 Department of Computer Science
關鍵字:	Web application testing;security assessment;fault injection;black-box testing;complete crawling
公開日期:	5-Aug-2005
摘要:	The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES)-a black-box testing framework for automated Web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security. (c) 2005 Elsevier B.V. All rights reserved.
URI:	http://dx.doi.org/10.1016/j.comnet.2005.01.003 http://hdl.handle.net/11536/13405
ISSN:	1389-1286
DOI:	10.1016/j.comnet.2005.01.003
期刊:	COMPUTER NETWORKS
Volume:	48
Issue:	5
起始頁:	739
結束頁:	761
Appears in Collections:	Articles

Files in This Item:

If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.