从基于Web的系统被动测试中获得的实践经验

2010 Third International Conference on Software Testing, Verification, and Validation Workshops Pub Date : 2010-04-06 DOI:10.1109/ICSTW.2010.39

A. Bagnato, Fabio Raiteri, Wissam Mallouli, B. Wehbi

{"title":"从基于Web的系统被动测试中获得的实践经验","authors":"A. Bagnato, Fabio Raiteri, Wissam Mallouli, B. Wehbi","doi":"10.1109/ICSTW.2010.39","DOIUrl":null,"url":null,"abstract":"In recent years Web-based systems have become extremely popular and, nowadays, they are used in critical environments such as financial, medical, and military systems. As the use of Web applications for security-critical services has increased, the number and sophistication of attacks against these applications have grown as well. For this reason it is essential to be able to prove that the target Web-based system implements its designed security requirements avoiding known vulnerabilities in HTTP-based solutions. To reach this aim, we can rely on several testing techniques and mainly on security passive testing approach that is becoming increasingly important to security-relevant aspects into web based software systems. This article describes the application of the TestInv-P passive testing tool as part of the testing phase of TXT e-tourism Web application. TestInv-P is a passive testing tool that monitors communication traces of an application during run-time and verifies whether it satisfies certain security-related invariants derived from SHIELDS models.","PeriodicalId":117410,"journal":{"name":"2010 Third International Conference on Software Testing, Verification, and Validation Workshops","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-04-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Practical Experience Gained from Passive Testing of Web Based Systems\",\"authors\":\"A. Bagnato, Fabio Raiteri, Wissam Mallouli, B. Wehbi\",\"doi\":\"10.1109/ICSTW.2010.39\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In recent years Web-based systems have become extremely popular and, nowadays, they are used in critical environments such as financial, medical, and military systems. As the use of Web applications for security-critical services has increased, the number and sophistication of attacks against these applications have grown as well. For this reason it is essential to be able to prove that the target Web-based system implements its designed security requirements avoiding known vulnerabilities in HTTP-based solutions. To reach this aim, we can rely on several testing techniques and mainly on security passive testing approach that is becoming increasingly important to security-relevant aspects into web based software systems. This article describes the application of the TestInv-P passive testing tool as part of the testing phase of TXT e-tourism Web application. TestInv-P is a passive testing tool that monitors communication traces of an application during run-time and verifies whether it satisfies certain security-related invariants derived from SHIELDS models.\",\"PeriodicalId\":117410,\"journal\":{\"name\":\"2010 Third International Conference on Software Testing, Verification, and Validation Workshops\",\"volume\":\"5 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-04-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 Third International Conference on Software Testing, Verification, and Validation Workshops\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSTW.2010.39\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 Third International Conference on Software Testing, Verification, and Validation Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSTW.2010.39","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

近年来，基于web的系统变得非常流行，如今，它们被用于金融、医疗和军事系统等关键环境中。随着对安全关键型服务使用Web应用程序的增加，针对这些应用程序的攻击的数量和复杂程度也在增加。因此，必须能够证明目标基于web的系统实现了其设计的安全需求，避免了基于http的解决方案中的已知漏洞。为了达到这个目标，我们可以依靠几种测试技术，主要是安全被动测试方法，这对于基于web的软件系统的安全相关方面变得越来越重要。本文描述了testinvp被动测试工具的应用，作为TXT电子旅游Web应用程序测试阶段的一部分。TestInv-P是一个被动的测试工具，它在运行期间监视应用程序的通信跟踪，并验证它是否满足从SHIELDS模型派生的某些与安全相关的不变量。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Practical Experience Gained from Passive Testing of Web Based Systems

In recent years Web-based systems have become extremely popular and, nowadays, they are used in critical environments such as financial, medical, and military systems. As the use of Web applications for security-critical services has increased, the number and sophistication of attacks against these applications have grown as well. For this reason it is essential to be able to prove that the target Web-based system implements its designed security requirements avoiding known vulnerabilities in HTTP-based solutions. To reach this aim, we can rely on several testing techniques and mainly on security passive testing approach that is becoming increasingly important to security-relevant aspects into web based software systems. This article describes the application of the TestInv-P passive testing tool as part of the testing phase of TXT e-tourism Web application. TestInv-P is a passive testing tool that monitors communication traces of an application during run-time and verifies whether it satisfies certain security-related invariants derived from SHIELDS models.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2010 Third International Conference on Software Testing, Verification, and Validation Workshops

自引率

0.00%

发文量