Context: Cross-site scripting (XSS) is considered one of the major threats to the security of web applications. Static analysis supports manual security review in mitigating XSS-related issues by reporting a set of potential problems, expressed as candidate vulnerabilities. A security problem spotted by static analysis, however, consists of a list of (possibly complicated) conditions that must be satisfied to concretely exploit the vulnerability; static analysis does not provide examples of the input values that make the application execute the (sometimes complex) path that triggers an XSS vulnerability. Runnable test cases, by contrast, are executable and reproducible evidence of the vulnerability mechanics, and they are a valuable support for developers, who should understand a security problem in detail before fixing it.

Objective: This paper evaluates several strategies for automatically generating security test cases, i.e. test cases that expose a vulnerability by making the application's control flow satisfy the vulnerability conditions.

Method: A combination of genetic algorithms and concrete symbolic (concolic) execution is presented for the automatic generation of security test cases. This combined strategy is compared with genetic algorithms alone and with concrete symbolic execution alone, in terms of coverage and productivity, on four case-study web applications.

Result: Genetic algorithms require less time to generate security test cases, but the test cases generated by concrete symbolic execution cover a larger number of vulnerabilities. The highest coverage is achieved when the two approaches are combined and integrated.

Conclusion: The integrated approach we propose has proved effective for security testing. Genetic algorithms alone are able to generate test cases only for a few simple vulnerabilities; however, their contribution is fundamental to improving the coverage of the test cases generated by concrete symbolic execution.
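As an added illustration (not code from the paper, and not the authors' tool), the following Python sketch puts the three ingredients the abstract names on a small constructed handler: a security test case as runnable evidence (the raw payload must come back unescaped), a fitness-guided genetic search over the request parameters, and a concolic loop that records the string comparisons a concrete run takes and solves them directly. The handler `render`, the parameter names `mode`/`page`/`user`, the payload, the `TracedStr` instrumentation and the `TARGET_PATH` (assumed here to be what a static-analysis report would list as the vulnerability conditions) are all assumptions made for this example. The "combined" strategy simply hands the GA's best individual to the concolic step; that is a simplified stand-in for the paper's integration, not a reproduction of it.

```python
# Constructed illustration, not the paper's tool; handler, parameters, payload and target path are assumed.
import html
import random
from difflib import SequenceMatcher

PAYLOAD = "<script>alert(1)</script>"    # assumed attack payload, kept fixed by every strategy
SEARCH_PARAMS = ("mode", "page")         # the parameters the search has to fill in
TARGET_PATH = [("mode", "view", True), ("page", "profile", True)]  # assumed static-analysis report
ALPHABET = "abcdefghijklmnopqrstuvwxyz"

class TracedStr(str):
    """A str that records every equality test it takes part in: the concolic trace."""
    trace = []
    def __new__(cls, name, value):
        obj = super().__new__(cls, value)
        obj.name = name
        return obj
    def __eq__(self, other):
        result = str.__eq__(self, other)
        TracedStr.trace.append((self.name, str(other), result))
        return result
    def __ne__(self, other):
        return not self.__eq__(other)
    __hash__ = str.__hash__

def render(params):
    """Deliberately vulnerable handler (constructed): user is reflected unescaped on one path."""
    mode, page, user = params["mode"], params["page"], params["user"]
    if mode != "view":
        return "<p>unknown mode</p>"
    if page == "profile":
        return "<h1>Welcome " + user + "</h1>"            # XSS sink
    return "<h1>Welcome " + html.escape(user) + "</h1>"   # safe path

def run(inputs):
    TracedStr.trace = []
    out = render({k: TracedStr(k, v) for k, v in inputs.items()})
    return out, list(TracedStr.trace)

def exposes_xss(inputs):
    return PAYLOAD in run(inputs)[0]   # the test case is evidence: it passes only if the raw payload is reflected

def fitness(inputs):
    """Branches still to pass plus string distance at the first miss; 0.0 means the sink was reached."""
    _, trace = run(inputs)
    for i, want in enumerate(TARGET_PATH):
        if i < len(trace) and trace[i] == want:
            continue
        dist = 1.0 - SequenceMatcher(None, inputs[want[0]], want[1]).ratio()
        return (len(TARGET_PATH) - i) + dist
    return 0.0

def mutate(ind, rng):
    # insert, delete or replace one character of one searched parameter
    child, p = dict(ind), rng.choice(SEARCH_PARAMS)
    s, op = list(child[p]), rng.randrange(3)
    if op == 0 or not s:
        s.insert(rng.randrange(len(s) + 1), rng.choice(ALPHABET))
    elif op == 1:
        s.pop(rng.randrange(len(s)))
    else:
        s[rng.randrange(len(s))] = rng.choice(ALPHABET)
    child[p] = "".join(s)
    return child

def genetic_search(seed, pop_size=20, generations=40):
    """Minimal GA (truncation selection, uniform crossover, mutation); returns (best, reached_sink)."""
    rng = random.Random(seed)
    rand_str = lambda: "".join(rng.choice(ALPHABET) for _ in range(rng.randrange(1, 8)))
    pop = [{"user": PAYLOAD, **{p: rand_str() for p in SEARCH_PARAMS}} for _ in range(pop_size)]
    for _ in range(generations):
        pop.sort(key=fitness)
        if fitness(pop[0]) == 0.0:
            break
        parents, children = pop[: pop_size // 2], []
        while len(parents) + len(children) < pop_size:
            a, b = rng.sample(parents, 2)
            child = {"user": PAYLOAD, **{p: rng.choice((a, b))[p] for p in SEARCH_PARAMS}}
            children.append(mutate(child, rng))
        pop = parents + children
    pop.sort(key=fitness)
    return pop[0], fitness(pop[0]) == 0.0

def concolic_search(seed_inputs, budget=20):
    """Run concretely, negate the deepest unexplored comparison, solve it by copying the constant."""
    inputs, tried = dict(seed_inputs), set()
    for _ in range(budget):
        if exposes_xss(inputs):
            return inputs
        for name, const, outcome in reversed(run(inputs)[1]):
            if (name, const, not outcome) not in tried:
                tried.add((name, const, not outcome))
                inputs[name] = const if not outcome else const + "x"   # == solved by copying, != by perturbing
                break
    return None

def combined_search(seed, ga_generations=5):
    """Cheap GA first, then concolic from the GA's best individual to solve the guards it missed."""
    best, found = genetic_search(seed, generations=ga_generations)
    return best if found else concolic_search(best)

if __name__ == "__main__":
    print("concolic:", concolic_search({"mode": "", "page": "", "user": PAYLOAD}))
    print("combined:", combined_search(seed=7))
```

The equality guards are what separate the two strategies: `concolic_search` solves `page == "profile"` in one step by copying the constant out of the recorded comparison, while the GA has to mutate its way toward the string with only the distance-based fitness as guidance, so whether `genetic_search` reaches the sink within its budget depends on the seed. `combined_search` shows the cheap-first ordering: a short GA run, then concolic picks up from the best individual and finishes the remaining guards.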