Software system testing and quality assurance
Software system testing and quality assurance
Software testing techniques (2nd ed.)
Software testing techniques (2nd ed.)
Fundamentals of software engineering
Fundamentals of software engineering
Abstracting application-level web security
Proceedings of the 11th international conference on World Wide Web
Web application security assessment by fault injection and behavior monitoring
WWW '03 Proceedings of the 12th international conference on World Wide Web
The essence of command injection attacks in web applications
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
SecuBat: a web vulnerability scanner
Proceedings of the 15th international conference on World Wide Web
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Exploring Multiple Execution Paths for Malware Analysis
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Static detection of security vulnerabilities in scripting languages
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Using UML collaboration diagrams for static checking and test generation
UML'00 Proceedings of the 3rd international conference on The unified modeling language: advancing the standard
Generating tests from UML specifications
UML'99 Proceedings of the 2nd international conference on The unified modeling language: beyond the standard
Why Johnny can't pentest: an analysis of black-box web vulnerability scanners
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
CANVuS: context-aware network vulnerability scanning
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
ASAP: automatic semantics-aware analysis of network payloads
PSDML'10 Proceedings of the international ECML/PKDD conference on Privacy and security issues in data mining and machine learning
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
Enemy of the state: a state-aware black-box web vulnerability scanner
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Finding your way in the testing jungle: a learning approach to web security testing
Proceedings of the 2013 International Symposium on Software Testing and Analysis
A survey on server-side approaches to securing web applications
ACM Computing Surveys (CSUR)
| Hi-index | 0.00 |
Over the last years, the complexity of web applications has grown significantly, challenging desktop programs in terms of functionality and design. Along with the rising popularity of web applications, the number of exploitable bugs has also increased significantly. Web application flaws, such as cross-site scripting or SQL injection bugs, now account for more than two thirds of the reported security vulnerabilities.Black-box testing techniques are a common approach to improve software quality and detect bugs before deployment. There exist a number of vulnerability scanners, or fuzzers, that expose web applications to a barrage of malformed inputs in the hope to identify input validation errors. Unfortunately, these scanners often fail to test a substantial fraction of a web application's logic, especially when this logic is invoked from pages that can only be reached after filling out complex forms that aggressively check the correctness of the provided values.In this paper, we present an automated testing tool that can find reflected and stored cross-site scripting (XSS) vulnerabilities in web applications. The core of our system is a black-box vulnerability scanner. This scanner is enhanced by techniques that allow one to generate more comprehensive test cases and explore a larger fraction of the application. Our experiments demonstrate that our approach is able to test more thoroughly these programs and identify more bugs than a number of open-source and commercial web vulnerability scanners.