%0 Conference Proceedings
%T Plan It! Automated Security Testing Based on Planning
%+ Graz University of Technology [Graz] (TU Graz)
%A Wotawa, Franz
%A Bozic, Josip
%Z Part 1: Testing Methodologies
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 26th IFIP International Conference on Testing Software and Systems (ICTSS)
%C Madrid, Spain
%Y Mercedes G. Merayo
%Y Edgardo Montes Oca
%I Springer
%3 Testing Software and Systems
%V LNCS-8763
%P 48-62
%8 2014-09-23
%D 2014
%R 10.1007/978-3-662-44857-1_4
%K Model-based testing
%K planning-problem
%K security testing
%K SQL injection
%K cross-site scripting
%Z Computer Science [cs]
%Z Computer Science [cs]/Networking and Internet Architecture [cs.NI]Conference papers
%X Testing of web applications for common vulnerabilities still represents a major challenge in the area of security testing. The objective here is not necessarily to find new vulnerabilities but to ensure that the web application handles well-known attack patterns in a reliable way. Previously developed methods based on formalizing attack patterns contribute to the underlying challenge. However, the adaptation of the attack models is not easy and requires substantial effort. In order to make modeling easier we suggest representing attacks as a sequence of known actions that have to be carried out in order to be successful. Each action has some pre conditions and some effects. Hence, we are able to represent testing in this context as a planning problem where the goal is to break the application under test. In the paper, we discuss the proposed planning based testing approach, introduce the underlying concepts and definitions, and present some experimental results obtained from an implementation.
%G English
%Z TC 6
%Z WG 6.1
%2 https://inria.hal.science/hal-01405274/document
%2 https://inria.hal.science/hal-01405274/file/978-3-662-44857-1_4_Chapter.pdf
%L hal-01405274
%U https://inria.hal.science/hal-01405274
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC6
%~ IFIP-WG6-1
%~ IFIP-LNCS-8763
%~ IFIP-ICTSS