Intelligent Web Security Testing with Threat Assessment and Client Server Penetration

Finding your way in the testing jungle: a learning approach to web security testing

Proceedings of the 2013 International Symposium on Software Testing and Analysis - ISSTA 2013 ◽

10.1145/2483760.2483776 ◽

2013 ◽

Cited By ~ 16

Author(s):

Omer Tripp ◽

Omri Weisman ◽

Lotem Guy

Keyword(s):

Web Security ◽

Learning Approach ◽

Security Testing

Download Full-text

Web Security Testing Approaches: Comparison Framework

Advances in Intelligent and Soft Computing - Proceedings of the 2011 2nd International Congress on Computer Applications and Computational Science ◽

10.1007/978-3-642-28314-7_23 ◽

2012 ◽

pp. 163-169 ◽

Cited By ~ 2

Author(s):

Fakhreldin T. Alssir ◽

Moataz Ahmed

Keyword(s):

Web Security ◽

Security Testing

Download Full-text

Survey of the Protection Mechanisms to the SSL-based Session Hijacking Attacks

Network Protocols and Algorithms ◽

10.5296/npa.v10i1.12478 ◽

2018 ◽

Vol 10 (1) ◽

pp. 83 ◽

Cited By ~ 6

Author(s):

Md. Shohrab Hossain ◽

Arnob Paul ◽

Md. Hasanul Islam ◽

Mohammed Atiquzzaman

Keyword(s):

Preventive Measures ◽

Web Security ◽

Performance Criteria ◽

Critical Problem ◽

Client Server ◽

All Solutions ◽

Protection Mechanisms ◽

Comprehensive Survey ◽

Session Hijacking ◽

Client Side

Web communications between the server and the client are being used extensively. However, session hijacking has become a critical problem for most of the client-server communications. Among different session hijacking attacks, SSL stripping is the most dangerous attack. There are a number of measures proposed to prevent SSL tripping-based session hijacking attacks. However, existing surveys did not summarize all the preventive measures in a comprehensive manner (without much illustration and categorization). The objective of this paper is to provide a comprehensive survey of existing measures against SSL stripping-based session hijacking attacks and compare those measures. In this paper, we have classified all the existing preventive measures for SSL stripping-based session hijacking attacks into two main categories: client-side measures and serverside measures. We have illustrated the proposed solutions comprehensively with useful diagrams for clarification. We have also compared them based on different performance criteria. This paper will help web security researchers to have a comparative analysis of all solutions for the SSL stripping based attacks, thereby improving existing solutions to better protect the users from session hijacking attacks.

Download Full-text

Complete Web Security Testing Methods and Recommendations

2013 International Conference on Computer Sciences and Applications ◽

10.1109/csa.2013.26 ◽

2013 ◽

Cited By ~ 2

Author(s):

Li Qian ◽

Jiahua Wan ◽

Lu Chen ◽

Xiuming Chen

Keyword(s):

Web Security ◽

Testing Methods ◽

Security Testing

Download Full-text

Attack Pattern-Based Combinatorial Testing with Constraints for Web Security Testing

2015 IEEE International Conference on Software Quality, Reliability and Security ◽

10.1109/qrs.2015.38 ◽

2015 ◽

Cited By ~ 14

Author(s):

Josip Bozic ◽

Bernhard Garn ◽

Ioannis Kapsalis ◽

Dimitris Simos ◽

Severin Winkler ◽

...

Keyword(s):

Web Security ◽

Combinatorial Testing ◽

Security Testing ◽

Attack Pattern

Download Full-text

Pattern based Web Security Testing

Proceedings of the 6th International Conference on Model-Driven Engineering and Software Development ◽

10.5220/0006606504720479 ◽

2018 ◽

Author(s):

Paulo J. M. Araújo ◽

Ana C. R. Paiva

Keyword(s):

Web Security ◽

Security Testing

Download Full-text

A Novel Approach for Security Testing of Client Server Based Applications using Misuse Deployment Diagrams, Misuse Cases and Threat Trees

IOSR Journal of Computer Engineering ◽

10.9790/0661-16351017 ◽

2014 ◽

Vol 16 (3) ◽

pp. 10-17

Author(s):

Biswajit Ghosh ◽

◽

Arup Abhinna Acharya

Keyword(s):

Security Testing ◽

Client Server ◽

Novel Approach

Download Full-text

An Analysis of Vulnerability Web Against Attack Unrestricted Image File Upload

Computer Engineering and Applications Journal ◽

10.18495/comengapp.v5i1.161 ◽

2016 ◽

Vol 5 (1) ◽

pp. 19-28 ◽

Cited By ~ 1

Author(s):

Imam Riadi ◽

Eddy Irawan Aristianto

Keyword(s):

Computer Security ◽

Web Security ◽

Security Testing ◽

Security Technology ◽

Program Code ◽

Image File ◽

Before And After ◽

File Upload ◽

The Difference ◽

Strongly Agree

The development of computer security technology is very rapidly. Web security is one of the areas that require particular attention related to the abundance of digital crimes conducted over the web. Unrestricted file upload image is a condition in the process of uploading pictures is not restricted. This can be used to make the attacker retrieve the information that is contained in a system. This research developed with several stages, such as, data collection, analysis of the current conditions, designing improvements to the program code, testing and implementation of the results of patch. Security testing is performed to find out the difference between before and after conditions applied patch unrestricted image file upload. Based on the results of testing done by the method of penetration testing results obtained before the application of patch unrestricted image file upload results respondents said 15% strongly disagree, 85% did not agree. Testing after applying patch unrestricted image file upload results respondents said 7.5% strongly agree, 92.5% agree, so it can be concluded that the development of the patch that has been done has been running smoothly as expected.

Download Full-text