Security Testing on Web Based Application

2018 ◽  
Vol 6 (12) ◽  
pp. 553-557
Author(s):  
A. Punitha ◽  
D. Sukanya Bai ◽  
K. Lavanya
Keyword(s):  
Security Testing ◽  
Web Based

Research on Fuzzing Test Data Engine for Web Vulnerability

2011 ◽  
Vol 211-212 ◽  
pp. 500-504 ◽  
Author(s):  
Quan Long Guan ◽  
Guo Xiang Yao ◽  
Kai Bin Ni ◽  
Mei Xiu Zhou
Keyword(s):  
Test Data ◽  
Rapid Growth ◽  
Heuristic Rules ◽  
Vulnerability Detection ◽  
Security Testing ◽  
Web Based ◽  
Detection Model ◽  
Web Control ◽  
Web Based System ◽  
Web Systems

With the rapid growth of e-commerce, various types of complex applications appear in web environments. web-based system testing is different from traditional software testing. The unpredictability of Internet and web systems makes it difficult to test web-based system. This paper presents an engine for Fuzzing test data towards web control vulnerabilities, and introduces "heuristic rules" and "tagged words" to generate the test data. This method can increase the intelligence of security testing and build the foundation of web vulnerability detection model.

Secure by Design

2011 ◽  
Vol 2 (3) ◽  
pp. 23-41 ◽  
Author(s):  
Haralambos Mouratidis ◽  
Miao Kang
Keyword(s):  
Financial Services ◽  
Lessons Learned ◽  
Security Testing ◽  
Web Based ◽  
Industrial Setting ◽  
Award Winning ◽  
Employment Screening ◽  
Support Employment ◽  
The University ◽  
Web Based System

This paper describes results and reflects on the experience of engineering a secure web based system for the pre-employment screening domain. In particular, the paper presents results from a Knowledge Transfer Partnership (KTP) project between the School of Computing, IT and Engineering at the University of East London and the London-based award winning pre-employment company Powerchex Ltd. The Secure Tropos methodology, which is based on the principle of secure by design, has been applied to the project to guide the development of a web based system to support employment reference and background checking specifically for the financial services industry. Findings indicate the potential of the methodology for the development of secure web based systems, and support the argument of incorporating security considerations from the early stages of the software development process, i.e., the idea of secure by design. The developed system was tested by a third, independent to the project, party using a well known method of security testing, i.e., penetration testing, and the results provided did not indicate the presence of any major security problems. The experience and lessons learned by the application of the methodology to an industrial setting are also discussed in the paper.

scholarly journals Agile security testing of Web-based systems via HTTPUnit

2006 ◽  
Author(s):  
A. Tappenden ◽  
P. Beatty ◽  
J. Miller ◽  
A. Geras ◽  
M. Smith
Keyword(s):  
Security Testing ◽  
Web Based

scholarly journals Application of Bayesian network in risk assessment for website deployment scenarios

2022 ◽  
Vol 2 (14) ◽  
pp. 3-16
Author(s):  
Vu Thi Huong Giang ◽  
Nguyen Manh Tuan
Keyword(s):  
Risk Assessment ◽  
Bayesian Network ◽  
Cyber Security ◽  
Rapid Development ◽  
Cyber Attacks ◽  
Security Risk ◽  
Security Testing ◽  
Security Risks ◽  
Web Based ◽  
Assessment Results

Abstract—The rapid development of web-based systems in the digital transformation era has led to a dramatic increase in the number and the severity of cyber-attacks. Current attack prevention solutions such as system monitoring, security testing and assessment are installed after the system has been deployed, thus requiring more cost and manpower. In that context, the need to assess cyber security risks before the deployment of web-based systems becomes increasingly urgent. This paper introduces a cyber security risk assessment mechanism for web-based systems before deployment. We use the Bayesian network to analyze and quantify the cyber security risks posed by threats to the deployment components of a website. First, the deployment components of potential website deployment scenarios are considered assets, so that their properties are mapped to specific vulnerabilities or threats. Next, the vulnerabilities or threats of each deployment component will be assessed according to the considered risk criteria in specific steps of a deployment process. The risk assessment results for deployment components are aggregated into the risk assessment results for their composed deployment scenario. Based on these results, administrators can compare and choose the least risky deployment scenario. Tóm tắt—Sự phát triển mạnh mẽ của các hệ thống trên nền tảng web trong công cuộc chuyển đổi số kéo theo sự gia tăng nhanh chóng về số lượng và mức độ nguy hiểm của các cuộc tấn công mạng. Các giải pháp phòng chống tấn công hiện nay như theo dõi hoạt động hệ thống, kiểm tra và đánh giá an toàn thông tin mạng được thực hiện khi hệ thống đã được triển khai, do đó đòi hỏi chi phí và nhân lực thực hiện lớn. Trong bối cảnh đó, nhu cầu đánh giá rủi ro an toàn thông tin mạng cho các hệ thống website trước khi triển khai thực tế trở nên cấp thiết. Bài báo này giới thiệu một cơ chế đánh giá rủi ro an toàn thông tin mạng cho các hệ thống website trước khi triển khai thực tế. Chúng tôi sử dụng mạng Bayes để phân tích và định lượng rủi ro về an toàn thông tin do các nguồn đe dọa khác nhau gây ra trên các thành phần triển khai của một website. Đầu tiên, các thành phần triển khai của các kịch bản triển khai website tiềm năng được mô hình hoá dưới dạng các tài sản, sao cho các thuộc tính của chúng đều được ánh xạ với các điểm yếu hoặc nguy cơ cụ thể. Tiếp đó, các điểm yếu, nguy cơ của từng thành phần triển khai sẽ được đánh giá theo các tiêu chí rủi ro đang xét tại mỗi thời điểm cụ thể trong quy trình triển khai. Kết quả đánh giá của các thành phần triển khai được tập hợp lại thành kết quả đánh giá hệ thống trong một kịch bản cụ thể. Căn cứ vào kết quả đánh giá rủi ro, người quản trị có thể so sánh các kịch bản triển khai tiềm năng với nhau để lựa chọn kịch bản triển khai ít rủi ro nhất.

scholarly journals Calibration and Asset Management Software

2021 ◽  
Vol 9 (8) ◽  
pp. 2961-2966
Author(s):  
Vaishnavi Badgire
Keyword(s):  
Asset Management ◽  
Web Application ◽  
Security Testing ◽  
Web Based ◽  
Management Software ◽  
Pull Out ◽  
Secure Testing ◽  
The Web

Abstract: In an industry, to ensure smooth and reliable working of machines, calibration is an important phase to rectify the changes of devices. This solution is a new milestone in calibration and asset management industry. A web-based application provides portability to the application hence; share-holders/proprietors/industrialist can manage their assets any time, anywhere. To make any application reliable and Secure, testing is an important phase. The intent of a security testing is to identify the vulnerabilities, so that the developers can pull out these vulnerabilities from the application and make the web application and data safe from any unauthorized action. Tools such as Zenmap, OWSAP, and OpenSSL used to ensure unbreakable working of application. Keywords: Calibration, Asset Management, Security Testing, HTTP’s Conversion

Security Testing Framework for Web Applications

2022 ◽  
pp. 453-479
Author(s):  
Layla Mohammed Alrawais ◽  
Mamdouh Alenezi ◽  
Mohammad Akour
Keyword(s):  
Web Applications ◽  
False Positive Rate ◽  
Requirement Engineering ◽  
Security Threats ◽  
Security Measures ◽  
Security Testing ◽  
Web Based ◽  
Testing Framework ◽  
Positive Rate ◽  
Detection Ratio

The growth of web-based applications has increased tremendously from last two decades. While these applications bring huge benefits to society, yet they suffer from various security threats. Although there exist various techniques to ensure the security of web applications, still a large number of applications suffer from a wide variety of attacks and result in financial loses. In this article, a security-testing framework for web applications is proposed with an argument that security of an application should be tested at every stage of software development life cycle (SDLC). Security testing is initiated from the requirement engineering phase using a keyword-analysis phase. The output of the first phase serves as input to the next phase. Different case study applications indicate that the framework assists in early detection of security threats and applying appropriate security measures. The results obtained from the implementation of the proposed framework demonstrated a high detection ratio with a less false-positive rate.

Agile Development of Secure Web-Based Applications

2009 ◽  
pp. 257-277
Author(s):  
A. F. Tappenden ◽  
T. Huynh ◽  
J. Miller ◽  
A. Geras ◽  
M. Smith
Keyword(s):  
Open Source ◽  
Security Requirements ◽  
Agile Development ◽  
Unit Testing ◽  
The Novel ◽  
Security Testing ◽  
Security Risks ◽  
Web Based ◽  
Testing Framework ◽  
Development Framework

This article outlines a four-point strategy for the development of secure Web-based applications within an agile development framework and introduces strategies to mitigate security risks that are commonly present in Web-based applications. The proposed strategy includes the representation of security requirements as test cases supported by the open source tool FIT, the deployment of a highly testable architecture allowing for security testing of the application at all levels, the outlining of an extensive security testing strategy supported by the open source unit-testing framework HTTPUnit, and the introduction of the novel technique of security refactoring that transforms insecure working code into a functionally-equivalent secure code. Today, many Web-based applications are not secure, and limited literature exists concerning the use of agile methods within this domain. It is the intention of this article to further discussions and research regarding the use of an agile methodology for the development of secure Web-based applications.

Secure by Design

2012 ◽  
pp. 120-138
Author(s):  
Haralambos Mouratidis ◽  
Miao Kang
Keyword(s):  
Financial Services ◽  
Lessons Learned ◽  
Security Testing ◽  
Web Based ◽  
Industrial Setting ◽  
Award Winning ◽  
Employment Screening ◽  
Support Employment ◽  
The University ◽  
Web Based System

This paper describes results and reflects on the experience of engineering a secure web based system for the pre-employment screening domain. In particular, the paper presents results from a Knowledge Transfer Partnership (KTP) project between the School of Computing, IT and Engineering at the University of East London and the London-based award winning pre-employment company Powerchex Ltd. The Secure Tropos methodology, which is based on the principle of secure by design, has been applied to the project to guide the development of a web based system to support employment reference and background checking specifically for the financial services industry. Findings indicate the potential of the methodology for the development of secure web based systems, and support the argument of incorporating security considerations from the early stages of the software development process, i.e., the idea of secure by design. The developed system was tested by a third, independent to the project, party using a well known method of security testing, i.e., penetration testing, and the results provided did not indicate the presence of any major security problems. The experience and lessons learned by the application of the methodology to an industrial setting are also discussed in the paper.

Sign in / Sign up

Export Citation Format

Share Document