We introduce a new Syntax-based Security Testing (SST) framework that uses a protocol specification to perform security testing on text-based communication protocols. The protocol specification of a particular text-based protocol under test represents its syntactic grammar and static constraints. The specification is used to generate test cases by mutating valid messages, breaking the syntax and constraints of the protocol. The framework is demonstrated using a toy Web application and the open source application KOrganizer.