Knowledge-based security testing of web applications by logic programming

2017, Vol 21 (2), pp. 221-246
Author(s): Philipp Zech, Michael Felderer, Ruth Breu

2018, Vol 13 (1), pp. 221
Author(s): Festim Halili, Lirie Koraqi

This paper addresses the security aspects of software applications in the framework of several enterprises. It has a certain goal and structure, through which it modestly aims to present the security aspect of web applications in Kosovo companies. At first we tried to give some theoretical concepts about security in general and security testing in particular. The key elaboration of the research problem addresses the security aspect in the sector of companies that develop applications and do their testing; here we will dwell on a case study of different companies in Kosovo. The purpose of this section is to argue the importance of security and its application to various companies.


2011, pp. 456-477
Author(s): Vassilis Papataxiarhis, Vassileios Tsetsos, Isambo Karali, Panagiotis Stamatopoulos

Embedding rules into Web applications, and distributed applications in general, seems to constitute a significant task in order to accommodate desired expressivity features in such environments. Various methodologies and reasoning modules have been proposed to manage rules and knowledge on the Web. The main objective of the chapter is to survey related work in this area and discuss relevant theories, methodologies and tools that can be used to develop rule-based applications for the Web. The chapter deals with both ways that have been formally defined for modeling a domain of interest: the first based on standard logics while the second one stemmed from the logic programming perspective. Furthermore, a comparative study that evaluates the reasoning engines and the various knowledge representation methodologies, focusing on rules, is presented.


Author(s): Andreas Bernauer, Josip Bozic, Dimitris E. Simos, Severin Winkler, Franz Wotawa

2019, Vol 67 (5), pp. 383-401
Author(s): Steffen Pfrang, Anne Borcherding, David Meier, Jürgen Beyerer

Abstract: Industrial automation and control systems (IACS) play a key role in modern production facilities. On the one hand, they provide real-time functionality to the connected field devices. On the other hand, they get more and more connected to local networks and the internet in order to facilitate use cases promoted by “Industrie 4.0”. A lot of IACS are equipped with web servers that provide web applications for configuration and management purposes. If an attacker gains access to such a web application operated on an IACS, he can exploit vulnerabilities and possibly interrupt the critical automation process. Cyber security research for web applications is well-known in the office IT. There exist a lot of best practices and tools for testing web applications for different kinds of vulnerabilities. Security testing aims at discovering those vulnerabilities before they can get exploited. In order to enable IACS manufacturers and integrators to perform security tests for their devices, ISuTest was developed, a modular security testing framework for IACS. This paper provides a classification of known types of web application vulnerabilities. Therefore, it makes use of the worst direct impact of a vulnerability. Based on this analysis, a subset of open-source vulnerability scanners to detect such vulnerabilities is selected to be integrated into ISuTest. Subsequently, the integration is evaluated. This evaluation is twofold: At first, willfully vulnerable web applications are used. In a second step, seven real IACS, like a programmable logic controller, industrial switches and cloud gateways, are used. Both evaluation steps start with the manual examination of the web applications for vulnerabilities. They conclude with an automated test of the web applications using the vulnerability scanners automated by ISuTest. The results show that the vulnerability scanners detected 53 % of the existing vulnerabilities. In a former study using commercial vulnerability scanners, 54 % of the security flaws could be found. While performing the analysis, 45 new vulnerabilities were detected. Some of them did not only break the web server but crashed the whole IACS, stopping the critical automation process. This shows that security testing is crucial in the industrial domain and needs to cover all services provided by the devices.


2019, Vol 0 (9/2019), pp. 27-32
Author(s): Marcin Pachnik

The article presents and compares modern methods of generating test data in the process of automatic software security testing, so-called fuzz testing. The publication contains descriptions of methods used, among others, in local, network or web applications, and then compares them and evaluates their effectiveness in the process of ensuring software security. The impact of the quality of the test data corpus on the effectiveness of automated security testing has been assessed.


10.29007/ngm2, 2018
Author(s): Gopal Gupta, Elmer Salazar, Kyle Marple, Zhuo Chen, Farhad Shakerin

Answer Set Programming (ASP) has emerged as a successful paradigm for developing intelligent applications. ASP is based on adding negation as failure to logic programming under the stable model semantics regime. ASP allows for sophisticated reasoning mechanisms that are employed by humans to be modeled elegantly. We argue that being able to model common sense reasoning as used by humans is critical for the success of automated reasoning. We also argue that extending answer set programming systems to general predicates is critical to realizing the full power of ASP. Goal-directed predicate ASP systems are needed to make the ASP technology practical for building large, scalable knowledge-based applications.

