期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于扩展FSM的Web应用安全测试研究 被引量:4

RESEARCH ON WEB APPLICATION SECURITY TESTING BASED ON EXTENDED FSM
在线阅读 下载PDF
导出
摘要 Web应用程序由于其自身的特点和实现方式,在面对恶意攻击时,显得十分脆弱。为了提高Web应用系统的安全性,需要针对它的特点设计合理有效的测试方法。提出一种方法,采用扩展的有限状态机模型针对Web应用可能存在安全漏洞的模块进行形式化的分析建模,生成威胁模型并从中解析出抽象的安全测试用例。结合常见的Web应用安全攻击方式中基于语法的攻击输入数据,将抽象的安全测试用例实例化为实现级别的可执行的安全测试用例。设计开发了一个原型工具,以一个Web购物网站为待测系统,在实验中验证了该方法的可行性和有效性。 Due to the characteristics and implementation of its own,Web application is very fragile when getting malicious attacks. In order to improve the security of Web application,it is necessary to design reasonable and effective test method based on its characteristics. This paper proposed a method to model the possible vulnerabilities of Web applications by using the extended finite state machine model to generate a threat model and analyze the abstract security test cases. By combining the test data generated based on the syntax,the abstract security test cases were converted into executable security test cases of implement level. According to the article content design,we developed a prototype tool.Taking a Web shopping site as the system under test,the feasibility and effectiveness of the method were verified in the experiment.
作者 李栋
机构地区 上海大学计算机工程与科学学院
出处 《计算机应用与软件》 北大核心 2018年第2期30-35,101,共7页 Computer Applications and Software
关键词 基于模型的安全测试 WEB应用 威胁模型 安全测试用例 Mode-based security testing Web application Threat model Security test case
分类号 TP311 [自动化与计算机技术—计算机软件与理论]
  • 相关文献

参考文献2

二级参考文献39

  • 1许蕾,徐宝文.Web应用测试框架研究[J].东南大学学报(自然科学版),2004,34(6):751-755. 被引量:14
  • 2周晓宇,许蕾,徐宝文,陈火旺.Web应用的自动测试[J].计算机科学,2005,32(1):125-127. 被引量:8
  • 3胡蓉,缪淮扣,刘焕洲.一种基于Web软件集成测试的建模方法[J].计算机科学,2007,34(6):253-257. 被引量:5
  • 4Pretschner Alexander, Lotzbeyer Heiko, Philipps Jan. Model based testing in evolutionary software development//Proceedings of the 12th IEEE International Workshop on Rapid System Prototyping. IEEE Computer Society, Washington, DC, USA, 2001:155-161.
  • 5Tonella Paolo, Ricca Filippo. Statistical testing of Web applications. Journal of Software Maintenance and Evolution: Research and Practice, 2004, 16(2): 103-127.
  • 6Utting Mark, Pretschner Alexander, Legeard Bruno. A taxonomy of model-based testing approaches. Software Testing, Verification and Reliability, Wiley Online Library, 2011: 1-16.
  • 7Neto Arilo C. Dias, Subramanyan Rajesh, et al. A survey on model-based testing approaches: A systematic review//Proceedings of the 1st ACM international Workshop on Empirical Assessment of Software Engineering Languages and Technologies: Held in Conjunction with the 22nd IEEE/ ACM International Conference on Automated Software Engineering (ASE'07). ACM, New York, USA, 2007:31-36.
  • 8Lucca G A D, Fasolino A R. Testing Web-based applications : The state of the art and future trends. Information and Software Technology, 2006, 48(12) : 1172-1186.
  • 9Hieatt Edward, Mee Robert. Going faster: Testing the Web application. IEEE Software, 2002, 19(2): 60-65.
  • 10Isakowitz Tomas, Stohr Edward A, Balasubramanian P. RMM: A methodology for structured hypermedia design. Communication of the ACM, 1995, 38(8): 34-44.

共引文献39

同被引文献25

引证文献4

二级引证文献20

计算机应用与软件
2018年 第2期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部