Automatic Generation of Penetration Test Cases for Web Applications
Date Issued
2010
Date
2010
Author(s)
Yu, Sheng-Feng
Abstract
As our daily life increasingly relies on the Web, the security of Web applications has become more and more important. Quite a few analysis tools exist that can help programmers find vulnerabilities in Web applications, but there is still much room for improvement. These tools can be roughly divided into two groups by their analysis approach: one uses static analysis, while the other uses dynamic analysis. The biggest difference between the two groups is that static analysis does not execute the Web application when performing an analysis, but dynamic analysis does. Static analysis must apply over-approximation techniques to evaluate the possible states of the program, which might introduce false positives into the analysis results. Dynamic analysis, on the other hand, has difficulty dynamically generating enough test cases to cover all paths in the program, so its results usually contain false negatives because of lower path coverage rates. In general, a rigorous code review process requires human experts to manually inspect the results from analysis tools, an essential but time-consuming and error-prone task.
In this thesis, we propose an approach that combines static analysis and dynamic testing to confirm the true vulnerabilities and hence reduce the number of vulnerabilities that human experts have to examine. We apply backward data flow analysis to explore all executable paths leading to the corresponding vulnerabilities in the target program. While exploring all possible paths with the breadth-first search algorithm, our approach simultaneously collects constraint information along each path. Afterward, we append an attack pattern to the sink variable and try to generate test cases by using constraint solvers to solve the collected constraints. Furthermore, given a generated test case, we provide Web-based testing that can automatically execute the test case and confirm the existence of vulnerabilities. On the whole, our approach integrates static analysis and dynamic testing to provide test case generation and Web-based test case execution, producing high-confidence results.
Subjects
Test Cases
Automatic Testing
Static Analysis
Security Vulnerability
Web Applications
File(s)
Name
ntu-99-R97725044-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5):6b011649bb99b8abdf7a3b38b26be288
