Web Applications Security Testing: Genetic Algorithms Based Test Data Generator.
Record Type: Language materials, printed : Monograph/item
Title/Author: Web Applications Security Testing: Genetic Algorithms Based Test Data Generator.
Author: Ali, Fakhreldin Tagelssir Elkhdir.
Description: 121 p.
Notes: Source: Masters Abstracts International, Volume: 51-05.
Contained By: Masters Abstracts International 51-05(E).
Subject: Computer Science.
Online resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=1533676
ISBN: 9781267919021
Thesis (M.S.)--King Fahd University of Petroleum and Minerals (Saudi Arabia), 2012.
Web applications suffer from different security vulnerabilities that could be exploited by hackers to cause harm in a variety of ways. A number of approaches have been proposed to test for security vulnerabilities. In conducting a critical literature survey of the prominent approaches, we developed a framework composed of a set of criteria for classifying and comparing such approaches. Benefitting from applying the framework and the corresponding findings of the survey, we developed a new approach to fill in some identified gaps with regard to testing for security vulnerabilities. In particular, we addressed the problem of automatically generating an effective set of test data (i.e., possible attacks) to test for cross site scripting vulnerabilities (XSS). The objective is to exercise candidate security vulnerable paths in a given script under test (SUT); such a set of test data must be effective in the sense that it uncovers whether any path can indeed be used to launch an attack. Our approach is based on converting the testing problem into a search problem to find effective test data given all input parameters search space where each parameter can be of a string or numeric type. We designed a genetic algorithm based test data generator that uses a database of XSS attack patterns to generate an input value which represents a possible attack, and observe whether the attack is successful. We focused on these different types of XSS vulnerabilities: stored, reflected and DOM based which can lead to different problems like cookie thefts, Web page defacements, etc.
LDR :03248nam a2200301 4500
001 1959434
005 20140520124310.5
008 150210s2012 ||||||||||||||||| ||eng d
020 $a 9781267919021
035 $a (MiAaPQ)AAI1533676
035 $a AAI1533676
040 $a MiAaPQ $c MiAaPQ
100 1 $a Ali, Fakhreldin Tagelssir Elkhdir. $3 2094854
245 1 0 $a Web Applications Security Testing: Genetic Algorithms Based Test Data Generator.
300 $a 121 p.
500 $a Source: Masters Abstracts International, Volume: 51-05.
500 $a Adviser: Moataz A. Ahmed.
502 $a Thesis (M.S.)--King Fahd University of Petroleum and Minerals (Saudi Arabia), 2012.
520 $a We empirically validated our test data generator using case studies of Web applications developed using PHP and MySQL. We present two different sets of experiments, the first set deals with a single vulnerable path at a time and the second set deals with multiple vulnerable paths at a time. Results showed that the proposed test data generator is effective in testing one path at a time as well as testing multiple paths at a time.
520 $a Due to the unviability of similar work that we can use to benchmark our approach against, we compared results of our approach with a random approach which selects random XSS patterns from the database and used them with the web application under test. Our approach performs much better than the random approach.
590 $a School code: 1088.
650 4 $a Computer Science. $3 626642
650 4 $a Web Studies. $3 1026830
690 $a 0984
690 $a 0646
710 2 $a King Fahd University of Petroleum and Minerals (Saudi Arabia). $b Computer Engineering Department. $3 2094855
773 0 $t Masters Abstracts International $g 51-05(E).
790 $a 1088
791 $a M.S.
792 $a 2012
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=1533676