Title: Proceedings of the 6th International Conference on Model-Driven Engineering and Software Development, MODELSWARD 2018, Funchal, Madeira - Portugal, January 22-24, 2018. Search for Conference Proceedings Publications

Pages: 472-479

Scopus - 0 Citations

INSPEC

Authenticus ID: P-00N-V5Q

Abstract (EN): This paper presents a Pattern Based Testing approach for testing security aspects of the applications under test (AUT). It describes the two security patterns which are the focus of this work (¿Account Lockout¿ and ¿Authentication Enforcer¿) and the test strategies implemented to check if the applications are vulnerable or not regarding these patterns. The PBST (Pattern Based Security Testing) overall approach has two phases: exploration (to identify the web pages of the application under test) and testing (to execute the test strategies developed in order to detect vulnerabilities). An experiment is presented to validate the approach over five public web applications. The goal is to assess the behavior of the tool when varying the upper limit of pages to visit and assess its capacity to find real vulnerabilities. The results are promising. Indeed, it was possible to check that the vulnerabilities detected corresponded to real security problems. Copyright

Language: English

Type (Professor's evaluation): Scientific