A testing framework for Web application security assessment

Yao Wen Huang*, Chung Hung Tsai, Tsung Po Lin, Shih-Kun Huang, D. T. Lee, Sy Yen Kuo

*Corresponding author for this work

Research output: Contribution to journalArticle

45 Scopus citations

Abstract

The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES)-a black-box testing framework for automated Web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security.

Original languageEnglish
Pages (from-to)739-761
Number of pages23
JournalComputer Networks
Volume48
Issue number5
DOIs
StatePublished - 5 Aug 2005

Keywords

  • Black-box testing
  • Complete crawling
  • Fault injection
  • Security assessment
  • Web application testing

Fingerprint Dive into the research topics of 'A testing framework for Web application security assessment'. Together they form a unique fingerprint.

  • Cite this

    Huang, Y. W., Tsai, C. H., Lin, T. P., Huang, S-K., Lee, D. T., & Kuo, S. Y. (2005). A testing framework for Web application security assessment. Computer Networks, 48(5), 739-761. https://doi.org/10.1016/j.comnet.2005.01.003