Risk-Based Vulnerability Testing Using Security Test Patterns
Author: | Alexandre Vernotte, Fabien Peureux, Bruno Legeard, Julien Botella |
---|---|
Year of publication: | 2014 |
Subject: | Model-based testing; Computer science; Risk-based testing; Software performance testing; Machine learning; Computer security; Security testing; System under test; Vulnerability assessment; Test Management Approach; Artificial intelligence; Vulnerability (computing) |
Source: | Leveraging Applications of Formal Methods, Verification and Validation. Specialized Techniques and Applications ISBN: 9783662452301 ISoLA (2) |
DOI: | 10.1007/978-3-662-45231-8_24 |
Description: | This paper introduces an original security testing approach guided by risk assessment, by means of risk coverage, to perform and automate vulnerability testing for Web applications. This approach, called Risk-Based Vulnerability Testing, adapts Model-Based Testing techniques, which are mostly used currently to address functional features. It also extends Model-Based Vulnerability Testing techniques by driving the testing process using security test patterns selected from risk assessment results. The adaptation of such techniques for Risk-Based Vulnerability Testing defines novel features in this research domain. In this paper, we describe the principles of our approach, which is based on a mixed modeling of the System Under Test: the model used for automated test generation captures some behavioral aspects of the Web applications, but also includes vulnerability test purposes to drive the test generation process. |
Database: | OpenAIRE |