Welcome to the InfoSci Platform
Method Using Command Abstraction Library for Iterative Testing Security of Web Applications

Method Using Command Abstraction Library for Iterative Testing Security of Web Applications

Seiji Munetoh, Nobukazu Yoshioka
Copyright: © 2015 |Volume: 6 |Issue: 3 |Pages: 24
ISSN: 1947-3036|EISSN: 1947-3044|EISBN13: 9781466678675|DOI: 10.4018/IJSSE.2015070102
Cite Article Cite Article

MLA

Munetoh, Seiji, and Nobukazu Yoshioka. "Method Using Command Abstraction Library for Iterative Testing Security of Web Applications." IJSSE vol.6, no.3 2015: pp.26-49. http://doi.org/10.4018/IJSSE.2015070102

APA

Munetoh, S. & Yoshioka, N. (2015). Method Using Command Abstraction Library for Iterative Testing Security of Web Applications. International Journal of Secure Software Engineering (IJSSE), 6(3), 26-49. http://doi.org/10.4018/IJSSE.2015070102

Chicago

Munetoh, Seiji, and Nobukazu Yoshioka. "Method Using Command Abstraction Library for Iterative Testing Security of Web Applications," International Journal of Secure Software Engineering (IJSSE) 6, no.3: 26-49. http://doi.org/10.4018/IJSSE.2015070102

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

A framework based on a scripting language is commonly used in Web application development, and high development efficiency is often achieved by applying several Agile development techniques. However, the adaptation of security assurance techniques to support Agile development is still underway, particularly from the developer's perspective. The authors have addressed this problem by developing an iterative security testing method that splits the security test target application into two parts on the basis of the code lifecycle, application logic (“active development code”) and framework (“used code”). For the former, detailed security testing is conducted using static analysis since it contains code that is changed during the iterative development process. For the latter, an abstraction library at the command granularity level is created and maintained. The library identifies the behavior of an application from the security assurance standpoint. This separation reduces the amount of code to be statically inspected and provides a mechanism for sharing security issues among application developers using the same Web application framework. Evaluation demonstrated that this method can detect various types of Web application vulnerabilities.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.