SWaTEval: An Evaluation Framework for Stateful Web Application Testing

Anne Borcherding; Anne Borcherding; Nikolay Penkov; Mark Giraud; Jürgen Beyerer; Jürgen Beyerer; Jürgen Beyerer

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

SWaTEval: An Evaluation Framework for Stateful Web Application Testing

Topics: Security; Security Frameworks, Architectures and Protocols; Security in IoT and Edge Computing; Vulnerability Analysis and Countermeasures; Web Applications and Services

In Proceedings of the 9th International Conference on Information Systems Security and Privacy ICISSP - Volume 1, 430-441, 2023 , Lisbon, Portugal

Authors: Anne Borcherding ^{1

;

2} ; Nikolay Penkov ¹ ; Mark Giraud ¹ and Jürgen Beyerer ^{1

;

3

;

2}

Affiliations: ¹ Fraunhofer Institute of Optronics, System Technologies and Image Exploitation IOSB, Karlsruhe, Germany ; ² KASTEL Security Research Labs, Karlsruhe, Germany ; ³ Vision and Fusion Laboratory (IES), Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany

Keyword(s): Web Application Testing, Stateful Testing, Blackbox Testing, State Machine Inference, Fuzzing, Clustering.

Abstract: Web applications are an easily accessible and valuable target for attackers. Therefore, web applications need to be examined for vulnerabilities. Modern web applications usually behave in a stateful manner and hence have an underlying state machine that determines their behavior based on the current state. To thoroughly test a web application, it is necessary to consider all aspects of a web application, including its internal states. In a blackbox setting, which we presuppose for this work, however, the internal state machine must be inferred before it can be used for testing. For state machine inference it is necessary to choose a similarity measure for web pages. Some approaches for automated blackbox stateful testing for web applications have already been proposed. It is, however, unclear how these approaches perform in comparison. We therefore present our evaluation framework for stateful web application testing, SWaTEval. In our evaluation, we show that SWaTEval is able to repr oduce evaluation results from literature, demonstrating that SWaTEval is suitable for conducting meaningful evaluations. Further, we use SWaTEval to evaluate various approaches to similarity measures for web pages, including a new method based on the euclidean distance that we propose in this paper. These similarity measures are an important part of the automated state machine inference necessary for stateful blackbox testing. We show that the choice of similarity measure has an impact on the performance of the state machine inference regarding the number of correctly identified states, and that our newly proposed similarity measure leads to the highest number of correctly identified states. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 18.220.66.151

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Borcherding, A.; Penkov, N.; Giraud, M. and Beyerer, J. (2023). SWaTEval: An Evaluation Framework for Stateful Web Application Testing. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-624-8; ISSN 2184-4356, SciTePress, pages 430-441. DOI: 10.5220/0011652200003405

@conference{icissp23,
author={Anne Borcherding. and Nikolay Penkov. and Mark Giraud. and Jürgen Beyerer.},
title={SWaTEval: An Evaluation Framework for Stateful Web Application Testing},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP},
year={2023},
pages={430-441},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011652200003405},
isbn={978-989-758-624-8},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP
TI - SWaTEval: An Evaluation Framework for Stateful Web Application Testing
SN - 978-989-758-624-8
IS - 2184-4356
AU - Borcherding, A.
AU - Penkov, N.
AU - Giraud, M.
AU - Beyerer, J.
PY - 2023
SP - 430
EP - 441
DO - 10.5220/0011652200003405
PB - SciTePress