Automatic Test Approach of Web Application for Security (AutoInspect)

Choi, Kyung Cheol; Lee, Gun Ho

doi:10.1007/11751632_72

Kyung Cheol Choi²⁴ &
Gun Ho Lee²⁴

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 3983))

Included in the following conference series:

International Conference on Computational Science and Its Applications

Abstract

We present an automatic test approach to improve the security of web application, which detects vulnerable spots based on black box test through three phases of craw, test, and report. The test process considers a blind point for security through the development life cycle, the faults of web application and server setup in a various point of attackers, etc. The test approach is applied to the web applications in industry, analyzed, and compared with the existing test tool.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 139.00; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Achilles: Web Application Proxy Tool, http://www.owasp.org
Appscan: Web Application Testing Tool, http://www.watchfire.com
Arkin, B., Stender, S., McGraw, G.: Software Penetration Testing. IEEE Security & Privacy 3(1), 84–87 (2005)
Article Google Scholar
AppsecInc: Manipulating Microsoft SQL Server Using SQL Injection (2002), http://www.appsecInc.com/presentations/Manipulating_SQL_Server_Using_SQL_Injection.pdf
Auronen, L.: Tool-Based Approach to Assessing Web Application Security. Helsinki University of Technology (2002)
Google Scholar
Borgelt, C., Kruse, R.: Induction of Association Rules: Apriori Implementation. In: 15th Conference on Computational Statistics Compstat, Berlin, Germany (2002)
Google Scholar
CgiSecurity: CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests (2002), http://www.cgisecurity.com/articles/xss-faq.shtml
Ghosh, A.K., McGraw, G.: An Approach for Certifying Security in Software Components. In: Proceedings of the 21st National Information Systems Security Conference, Crystal City, VA, October 5-8 (1998)
Google Scholar
Heineman, K.: Building Web Application Security into Your Development Process (2003), http://www.spidynamics.com/whitepapers/Webapp_Dev_Process.pdf
Multi-criterion decision-making, http://ecolu-info.unige.ch/~dubois/Mutate_final/Lectures/Lect131/lect131.htm
Noriyuki, M., Ken, N.: Interactive Support for Decision Making. Institute Policy and Planning Sciences, Univ. of Tsukuba, Nissan Motor, Co. Ltd. Nissan Technical Center
Google Scholar
NGS Software: Advanced SQL Injection In SQL Server Applications (2002), http://www.nextgenss.com/papers/advanced_sql_injection.pdf
OWASP: Top 10 Most Critical Web Application Security Vulnerabilities (2004), http://www.owasp.org/documentation/topten.html
Scando: Web Application Testing Tool, http://www.kavado.com
SecurityFocus: Black Box Test Method, http://www.securityfocus.com/infocus/1709
Hoo, K.S., Sudbury, A.W., Jaquith, A.R.: Tangible ROI through Secure Software Engineering. Secure Business Quarterly 1(2) (2001)
Google Scholar
WebInspect: Web Application Testing Tool, http://www.spidynamics.com
WebScrab: Web Application Testing Tool, http://www.owasp.org
Wen, Y., Kun, S., Lin, T.P.: Web Application Security Assessment by Fault Injection and Behavior Monitoring. In: The 12th International W3 Conference, Budapest, Hungary, May 20-24 (2003)
Google Scholar

Download references

Author information

Authors and Affiliations

Dept. of Industrial/Information Systems Engineering, Soongsil University, Sangdo 5dong Dongjakku, Seoul, 156-743, Korea
Kyung Cheol Choi & Gun Ho Lee

Authors

Kyung Cheol Choi
View author publications
You can also search for this author in PubMed Google Scholar
Gun Ho Lee
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Computer Science, University of Calgary, 2500 University Drive N.W., T2N 1N4, Calgary, AB, Canada
Marina L. Gavrilova
Department of Mathematics and Computer Science, University of Perugia, via Vanvitelli, 1, I-06123, Perugia, Italy
Osvaldo Gervasi
William Norris Professor, Head of the Computer Science and Engineering Department, University of Minnesota, USA
Vipin Kumar
OptimaNumerics Ltd.,, Cathedral House 23-31 Waring Street, BT1 2DX, Belfast, UK
C. J. Kenneth Tan
Clayton School of IT, Monash University, 3800, Clayton, Australia
David Taniar
Department of Chemistry, University of Perugia, Via Elce di Sotto, 8, I-06123, Perugia, Italy
Antonio Laganá
School of Computing, Soongsil University, Seoul, Korea
Youngsong Mun
School of Information and Communication Engineering, Sungkyunkwan University, Korea
Hyunseung Choo

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Choi, K.C., Lee, G.H. (2006). Automatic Test Approach of Web Application for Security (AutoInspect). In: Gavrilova, M.L., et al. Computational Science and Its Applications - ICCSA 2006. ICCSA 2006. Lecture Notes in Computer Science, vol 3983. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11751632_72

Download citation

DOI: https://doi.org/10.1007/11751632_72
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34077-5
Online ISBN: 978-3-540-34078-2
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics