{"title":"Using TTCN-3 as a modeling language for web penetration testing","authors":"B. Stepien, L. Peyton, Pulei Xiong","doi":"10.1109/ICIT.2012.6210016","DOIUrl":null,"url":null,"abstract":"Penetration testing is widely used for vulnerability assessment of web applications. Usually, it is performed by specialized security experts after development is completed and the application deployed into production, but recent research has proposed a model-based penetration test framework for web applications which provides a repeatable, systematic and cost-efficient approach fully integrated into a security-oriented software development life cycle. In this context, we evaluate the test specification language TTCN-3 as a modeling language for web penetration testing and show how its inherent abstraction features make the process of generating web penetration test campaigns easier. In particular, we demonstrate the advantages of combining separate models for the relevant web vulnerabilities and web application functionalities, with a generic web abstraction model and a TTCN-3 test framework model.","PeriodicalId":365141,"journal":{"name":"2012 IEEE International Conference on Industrial Technology","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-03-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE International Conference on Industrial Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIT.2012.6210016","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Using TTCN-3 as a modeling language for web penetration testing
Penetration testing is widely used for vulnerability assessment of web applications. Usually, it is performed by specialized security experts after development is completed and the application deployed into production, but recent research has proposed a model-based penetration test framework for web applications which provides a repeatable, systematic and cost-efficient approach fully integrated into a security-oriented software development life cycle. In this context, we evaluate the test specification language TTCN-3 as a modeling language for web penetration testing and show how its inherent abstraction features make the process of generating web penetration test campaigns easier. In particular, we demonstrate the advantages of combining separate models for the relevant web vulnerabilities and web application functionalities, with a generic web abstraction model and a TTCN-3 test framework model.