Plan It! Automated Security Testing Based on Planning - Testing Software and Systems
Conference Papers Year : 2014

Plan It! Automated Security Testing Based on Planning

Franz Wotawa
  • Function : Author
  • PersonId : 994796
Josip Bozic
  • Function : Author
  • PersonId : 994797

Abstract

Testing of web applications for common vulnerabilities still represents a major challenge in the area of security testing. The objective here is not necessarily to find new vulnerabilities but to ensure that the web application handles well-known attack patterns in a reliable way. Previously developed methods based on formalizing attack patterns contribute to the underlying challenge. However, the adaptation of the attack models is not easy and requires substantial effort. In order to make modeling easier we suggest representing attacks as a sequence of known actions that have to be carried out in order to be successful. Each action has some pre conditions and some effects. Hence, we are able to represent testing in this context as a planning problem where the goal is to break the application under test. In the paper, we discuss the proposed planning based testing approach, introduce the underlying concepts and definitions, and present some experimental results obtained from an implementation.
Fichier principal
Vignette du fichier
978-3-662-44857-1_4_Chapter.pdf (278.44 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01405274 , version 1 (29-11-2016)

Licence

Identifiers

Cite

Franz Wotawa, Josip Bozic. Plan It! Automated Security Testing Based on Planning. 26th IFIP International Conference on Testing Software and Systems (ICTSS), Sep 2014, Madrid, Spain. pp.48-62, ⟨10.1007/978-3-662-44857-1_4⟩. ⟨hal-01405274⟩
166 View
167 Download

Altmetric

Share

More