A Systematic Approach to Web Application Penetration Testing Using TTCN-3

机译：使用TTCN-3进行Web应用程序渗透测试的系统方法

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Penetration testing is critical for ensuring web application security. It is often implemented using traditional 3GL web test frameworks (e.g. HttpUnit, HtmlUnit). There is little awareness in the literature that a test specification language like TTCN-3 can be effectively combined with such frameworks. In this paper, we identify the essential aspects of TTCN-3 for penetration testing and how best to use them. These include separating abstract test logic from concrete data extraction logic, as well as support for templates, matching test oracles and parallel test components. The advantages of leveraging TTCN-3 together with 3GL web test frameworks for penetration testing is demonstrated and evaluated using example scenarios. The work was performed with a prototype TTCN-3 tool that extends the TTCN-3 model architecture to support the required integration with 3GL web test frameworks. A concrete proposal for modifying the TTCN-3 standard to support this refinement is described.

机译：渗透测试对于确保Web应用程序安全至关重要。它通常使用传统的3GL网络测试框架（例如HttpUnit，HtmlUnit）实现。在文献中很少有人知道像TTCN-3这样的测试规范语言可以有效地与此类框架结合。在本文中，我们确定了TTCN-3进行渗透测试的基本方面以及如何最好地使用它们。这些措施包括将抽象测试逻辑与具体的数据提取逻辑分开，以及对模板的支持，匹配的测试预言和并行测试组件。使用示例方案演示并评估了将TTCN-3与3GL Web测试框架一起用于渗透测试的优势。这项工作是使用TTCN-3工具原型完成的，该工具扩展了TTCN-3模型体系结构以支持与3GL Web测试框架的所需集成。描述了修改TTCN-3标准以支持此改进的具体建议。

著录项

来源
《E-Technologies: transformation in a connected world》|2011年|p.1-16|共16页
会议地点 Les Diablerets(CH);Les Diablerets(CH)
作者
Bernard Stepien; Pulei Xiong; Liam Peyton;
展开▼
作者单位

School of Information Technology and Engineering, University of Ottawa, Canada;

School of Information Technology and Engineering, University of Ottawa, Canada;

School of Information Technology and Engineering, University of Ottawa, Canada;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类电子贸易、网上贸易;
关键词
web application security; model-based testing; penetration testing; test specification; TTCN-3;

机译：网络应用程序安全性；基于模型的测试；渗透测试;测试规范TTCN-3;

相似文献

外文文献
中文文献
专利

1. Framework Testing Of Web Applications Using Ttcn-3 [J] . Bernard Stepien, Liam Peyton, Pulei Xiong International Journal on Software Tools for Technology Transfer . 2008,第4期

机译：使用Ttcn-3对Web应用程序进行框架测试
2. Innovation and evolution in integrated web application testing with TTCN-3 [J] . Bernard Stepien, Liam Peyton International Journal on Software Tools for Technology Transfer . 2014,第3期

机译：TTCN-3在集成Web应用程序测试中的创新与发展
3. A Multi-Objective Approach for Test Suite Reduction During Testing of Web Applications: A Search-Based Approach [J] . Khanna Munish, Chauhan Naresh, Sharma Dilip Kumar, International Journal of Applied Metaheuristic Computing . 2021,第3期

机译：Web应用中测试套件减少的多目标方法：基于搜索的方法
4. A Systematic Approach to Web Application Penetration Testing Using TTCN-3 [C] . Bernard Stepien, Pulei Xiong, Liam Peyton International MCETECH conference on e-Technologies . 2011

机译：使用TTCN-3的Web应用程序渗透测试的系统方法
5. A Model-Driven Penetration Test Framework for Web Applications. [D] . Xiong, Pulei. 2012

机译：Web应用程序的模型驱动的渗透测试框架。
6. Search-based multi-vulnerability testing of XML injections in web applications [O] . Sadeeq Jan, Annibale Panichella, Andrea Arcuri, -1

机译：Web应用程序中基于注入的基于搜索的XML注入的多漏洞测试
7. 1 Using TTCN-3 as a Modeling Language for Web Penetration Testing [O] . Bernard Stepien, Liam Peyton, Pulei Xiong 2012

机译：1使用TTCN-3作为Web渗透测试的建模语言

A Systematic Approach to Web Application Penetration Testing Using TTCN-3

摘要

著录项

相似文献

相关主题

期刊订阅