Selecting Software Test Data Using Data Flow Information
IEEE Transactions on Software Engineering
Software fault injection: inoculating programs against errors
SPHINX: a framework for creating personal, site-specific Web crawlers
WWW7 Proceedings of the seventh international conference on World Wide Web 7
Operating system enhancements to prevent the misuse of system calls
Proceedings of the 7th ACM conference on Computer and communications security
Security models for web-based applications
Communications of the ACM
Analysis and testing of Web applications
ICSE '01 Proceedings of the 23rd International Conference on Software Engineering
Risks to the public in computers and related systems
ACM SIGSOFT Software Engineering Notes
Proceedings of the 11th international conference on World Wide Web
Abstracting application-level web security
Proceedings of the 11th international conference on World Wide Web
ACM Transactions on Internet Technology (TOIT)
Developing Secure Web Applications
IEEE Internet Computing
Understanding and Restructuring Web Sites with ReWeb
IEEE MultiMedia
Quality Attributes of Web Software Applications
IEEE Software
Experiences with Specification-Based Intrusion Detection
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Proceedings of the 27th International Conference on Very Large Data Bases
WARE: A Tool for the Reverse Engineering of Web Applications
CSMR '02 Proceedings of the 6th European Conference on Software Maintenance and Reengineering
Object-Based Data Flow Testing of Web Applications
APAQS '00 Proceedings of the The First Asia-Pacific Conference on Quality Software (APAQS'00)
Open Source Software Research Activities in AIST towards Secure Open Systems
HASE '02 Proceedings of the 7th IEEE International Symposium on High Assurance Systems Engineering
An Approach for Reverse Engineering of Web-Based Applications
WCRE '01 Proceedings of the Eighth Working Conference on Reverse Engineering (WCRE'01)
ICSM '01 Proceedings of the IEEE International Conference on Software Maintenance (ICSM'01)
Web Site Analysis: Structure and Evolution
ICSM '00 Proceedings of the International Conference on Software Maintenance (ICSM'00)
Structural Testing of Web Applications
ISSRE '00 Proceedings of the 11th International Symposium on Software Reliability Engineering
Design and Implementation of a High-Performance Distributed Web Crawler
ICDE '02 Proceedings of the 18th International Conference on Data Engineering
Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
Learning block importance models for web pages
Proceedings of the 13th international conference on World Wide Web
Verifying Web Applications Using Bounded Model Checking
DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
Detecting and countering system intrusions using software wrappers
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Synthesizing fast intrusion prevention/detection systems from high-level specifications
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
On preventing intrusions by process behavior monitoring
ID'99 Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1
Detours: binary interception of Win32 functions
WINSYM'99 Proceedings of the 3rd conference on USENIX Windows NT Symposium - Volume 3
WebGlimpse: combining browsing and searching
ATEC '97 Proceedings of the annual conference on USENIX Annual Technical Conference
Distributed search over the hidden web: hierarchical database sampling and selection
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Detecting malicious software by monitoring anomalous windows registry accesses
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
An automatic meta-revised mechanism for anti-malicious injection
NBiS'07 Proceedings of the 1st international conference on Network-based information systems
Constructing a "Common cross site scripting vulnerabilities enumeration (CXE)" using CWE and CVE
ICISS'07 Proceedings of the 3rd international conference on Information systems security
The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES), a black-box testing framework for automated Web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security.