Web Applications Security Testing: Genetic Algorithms Based Test Data Generator.
Record type: Bibliographic - language material, printed : Monograph/item
Title/Author: Web Applications Security Testing: Genetic Algorithms Based Test Data Generator./
Author: Ali, Fakhreldin Tagelssir Elkhdir.
Pagination: 121 p.
Notes: Source: Masters Abstracts International, Volume: 51-05.
Contained By: Masters Abstracts International 51-05(E).
Subject: Computer Science.
Electronic resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=1533676
ISBN: 9781267919021
Thesis (M.S.)--King Fahd University of Petroleum and Minerals (Saudi Arabia), 2012.
Web applications suffer from different security vulnerabilities that could be exploited by hackers to cause harm in a variety of ways. A number of approaches have been proposed to test for security vulnerabilities. In conducting a critical literature survey of the prominent approaches, we developed a framework composed of a set of criteria for classifying and comparing such approaches. Benefitting from applying the framework and the corresponding findings of the survey, we developed a new approach to fill in some identified gaps with regard to testing for security vulnerabilities. In particular, we addressed the problem of automatically generating an effective set of test data (i.e., possible attacks) to test for cross site scripting vulnerabilities (XSS). The objective is to exercise candidate security vulnerable paths in a given script under test (SUT); such a set of test data must be effective in the sense that it uncovers whether any path can indeed be used to launch an attack. Our approach is based on converting the testing problem into a search problem to find effective test data given all input parameters search space where each parameter can be of a string or numeric type. We designed a genetic algorithm based test data generator that uses a database of XSS attack patterns to generate an input value which represents a possible attack, and observe whether the attack is successful. We focused on these different types of XSS vulnerabilities: stored, reflected and DOM based which can lead to different problems like cookie thefts, Web page defacements, etc.
LDR :03248nam a2200301 4500
001 1959434
005 20140520124310.5
008 150210s2012 ||||||||||||||||| ||eng d
020 $a 9781267919021
035 $a (MiAaPQ)AAI1533676
035 $a AAI1533676
040 $a MiAaPQ $c MiAaPQ
100 1 $a Ali, Fakhreldin Tagelssir Elkhdir. $3 2094854
245 1 0 $a Web Applications Security Testing: Genetic Algorithms Based Test Data Generator.
300 $a 121 p.
500 $a Source: Masters Abstracts International, Volume: 51-05.
500 $a Adviser: Moataz A. Ahmed.
502 $a Thesis (M.S.)--King Fahd University of Petroleum and Minerals (Saudi Arabia), 2012.
520 $a We empirically validated our test data generator using case studies of Web applications developed using PHP and MySQL. We present two different sets of experiments, the first set deals with a single vulnerable path at a time and the second set deals with multiple vulnerable paths at a time. Results showed that the proposed test data generator is effective in testing one path at a time as well as testing multiple paths at a time.
520 $a Due to the unavailability of similar work that we can use to benchmark our approach against, we compared results of our approach with a random approach which selects random XSS patterns from the database and used them with the web application under test. Our approach performs much better than the random approach.
590 $a School code: 1088.
650 4 $a Computer Science. $3 626642
650 4 $a Web Studies. $3 1026830
690 $a 0984
690 $a 0646
710 2 $a King Fahd University of Petroleum and Minerals (Saudi Arabia). $b Computer Engineering Department. $3 2094855
773 0 $t Masters Abstracts International $g 51-05(E).
790 $a 1088
791 $a M.S.
792 $a 2012
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=1533676
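Holdings (1 item):
Barcode: W9254262
Location: Electronic resource
Circulation category: 11. Online Reading_V
Material type: E-book
Call number: EB
Use type: General use (Normal)
Loan status: On shelf
Hold status: 0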