CFP last date
20 May 2024
Call for Paper
June Edition
IJCA solicits high quality original research papers for the upcoming June edition of the journal. The last date of research paper submission is 20 May 2024

Submit your paper
Know more
The week's pick
Responsive image
Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin
Random Articles
Reseach Article

Security Testing of Web Applications: Issues and Challenges

by Arunima Jaiswal, Gaurav Raj, Dheerendra Singh
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 88 - Number 3
Year of Publication: 2014
Authors: Arunima Jaiswal, Gaurav Raj, Dheerendra Singh
10.5120/15334-3667

Arunima Jaiswal, Gaurav Raj, Dheerendra Singh . Security Testing of Web Applications: Issues and Challenges. International Journal of Computer Applications. 88, 3 ( February 2014), 26-32. DOI=10.5120/15334-3667

@article{ 10.5120/15334-3667,
author = { Arunima Jaiswal, Gaurav Raj, Dheerendra Singh },
title = { Security Testing of Web Applications: Issues and Challenges },
journal = { International Journal of Computer Applications },
issue_date = { February 2014 },
volume = { 88 },
number = { 3 },
month = { February },
year = { 2014 },
issn = { 0975-8887 },
pages = { 26-32 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume88/number3/15334-3667/ },
doi = { 10.5120/15334-3667 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:06:41.475944+05:30
%A Arunima Jaiswal
%A Gaurav Raj
%A Dheerendra Singh
%T Security Testing of Web Applications: Issues and Challenges
%J International Journal of Computer Applications
%@ 0975-8887
%V 88
%N 3
%P 26-32
%D 2014
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Due to the increasing complexity of web systems, security testing has become indispensable and critical activity of web application development life cycle. Security testing aims to maintain the confidentiality of the data, to check against any information leakage and to maintain the functionality as intended. It checks whether the security requirements are fulfilled by the web applications when they are subjected to malicious input data. Due to the rising explosion in the security vulnerabilities, there occurs a need to understand its unique challenges and issues which will eventually serve as a useful input for the security testing tool developers and test managers for their relative projects.

References
  1. Security Testing of Web Applications: a Search Based Approach for Cross-Site Scripting Vulnerabilities, Andrea Avancini, Mariano Ceccato , 2011- 11th IEEE International Working Conference on Source Code Analysis and Manipulation.
  2. Special section on testing and security of Web systems Alessandro Marchetto. Published online: 14 October 2008 © Springer Verlag 2008
  3. Solving Some Modeling Challenges when Testing Rich Internet Applications for Security. Suryakant Choudhary1, Mustafa Emre Dincturk1, Gregor v. Bochmann1,3, Guy-Vincent Jourdan1,3 1EECS, University of Ottawa 3IBM Canada CAS Research. Iosif Viorel Onut, Paul Ionescu Research and Development, IBM. 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation.
  4. Idea: Automatic Security Testing for Web Applications. Thanh-Binh Dao1 and Etsuya Shibayama2 1 Dept. of Mathematical and Computing Sciences, Tokyo Institute of Technology, 2-12-1 O-okayama Meguro Tokyo Japan 2 Information Technology Center, The University of Tokyo,2-11-16 Yayoi Bunkyo-ku Tokyo Japan F. Massacci, S. T. Redwine Jr. , and N. Zannone (Eds. ): ESSoS 2009, LNCS 5429, pp. 180–184, 2009. _c Springer-Verlag Berlin Heidelberg 2009.
  5. Automatic Test Approach of Web Application for Security (AutoInspect). Kyung Cheol Choi and Gun Ho Lee, Springer-Verlag Berlin Heidelberg 2006.
  6. SUPPORTING SECURITY TESTERS IN DISCOVERING INJECTION FLAWS. Sven T¨urpe, Andreas Poller, Jan Trukenm¨uller, J¨urgen Repp and Christian Bornmann, Fraunhofer-Institute for Secure Information Technology SIT, Rheinstrasse 75,64295 Darmstadt, Germany, 2008 IEEE,Testing: Academic & Industrial Conference - Practice and Research Techniques.
  7. A Database Security Testing Scheme of Web Application, Yang Haixia ,Business College of Shanxi University, Nan Zhihong, Scholl of Information Management,Shanxi University of Finance & Economics,china. Proceedings of 2009 4th International Conference on Computer Science & Education.
  8. State of the Art: Automated Black-Box Web Application Vulnerability Testing. Jason Bau, Elie Bursztein, Divij Gupta, John Mitchell, Stanford University 2010 IEEE Symposium on Security and Privacy.
  9. An Approach Dedicated for Web Service Security Testing, S´ebastien Salva, Patrice Laurencot and Issam Rabhi. 2010 Fifth International Conference on Software Engineering Advances.
  10. Security Testing of Web Applications: A Research Plan by Andrea Avancini,Fondazione Bruno Kessler, 2012 IEEE,ICSE 2012, Zurich, Switzerland , Doctoral Symposium.
  11. Semi-Automatic Security Testing of Web Applications from a Secure Model by Matthias Buchler,Johan Oudinet,Alexander Pretschner, Karlsruhe Institute of Technology, 2012 IEEE Sixth International Conference on Software Security and Reliability.
  12. Testing web applications. Giuseppe Antonio Di Lucca, Anna Rita Fasolino, Francesco Faralli, Ugo De Carlini. Italy. Proceedings of the International Conference on Software MAintenance 2002 IEEE.
  13. Solving some modeling challenges when testing rich internet applications for security Suryakant Choudhary, Mustafa Emre Dincturk, Gregor v. Bochmann, Guy Vincent Jourdan, Iosif Viorel Onut, Paul Ionescu. 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation.
  14. Mapping software faults with web security vulnerabilities. Jose Fonseca and Marco Vieira. International conference on Dependable Systems & Networks : Anchorage, Alaska,june 2008 IEEE.
  15. Testing of Web Applications: A Research Plan. Andrea Avancini Fondazione Bruno Kessler, Trento, Italy. 978-1-4673-1067-3/12/$31. 00c 2012 IEEE.
  16. Testing Security Policies for Web Applications. Wissam Mallouli, Gerardo Morales and Ana Cavalli GET/INT, 9 rue Charles Fourier, 91011 Evry Cedex, France. 2008 IEEE International Conference on Software Testing Verification and Validation Workshop (ICSTW'08) 978-0-7695-3388-9/08 $25. 00 © 2008 IEEE.
  17. A Threat Model Driven Approach for Security Testing. Linzhang Wang, Department of Computer Science, Nanjing University, Eric Wong, Department of Computer Science, University of Texas at Dallas, Dianxiang Xu, Department of Computer Science, North Dakota State University. Third International Workshop on Software Engineering for Secure Systems (SESS'07). 2007 IEEE.
  18. Grammar Based Oracle for Security Testing of Web Applications by Andrea Avancini and Mariano Ceccato, Fondazione Bruno Kessler, Trento, Italy. 2012 IEEE,AST 2012, Zurich, Switzerland.
  19. D-WAV: A Web Application Vulnerabilities Detection Tool Using Characteristics of Web Forms. Lijiu Zhang, Qing Gu, Shushen Peng, Xiang Chen, Haigang Zhao, Daoxu Chen State Key Laboratory of Novel Software Technology, Department of Computer Science and Technology, Nanjing University. 2010 Fifth International Conference on Software Engineering Advances.
  20. Grammar Based Oracle for Security Testing of Web Applications Andrea Avancini and Mariano Ceccato, Fondazione Bruno Kessler Trento, Italy. 2012 IEEE.
  21. The Security Requirements Behavior Model for Trustworthy Software Kassem Saleh1 and Maryam Habil2. 1Kuwait University, Dept. of Information Science, 2American University of Sharjah, Dept. of Computer Science. 0-7695-3082-6/08 $25. 00 © 2008 IEEE. 2008 International MCETECH conference on e-technologies.
  22. Challenges for Security Typed Web Scripting Languages Design. Doaa Hassan,National Telecomm. Institute, Sherif El- Kassas,American University in Cairo, Ibrahim Ziedan,Faculty of Engineering,Zagazig University. 2008 IEEE,The Fourth International Conference on Information Assurance and Security.
  23. Enhancing web page security with security style sheets Terri Oda and Anil Somayaji (2011) IEEE.
  24. Assessing and Comparing Security of Web Servers. Naaliel Mendes, Afonso Araújo Neto, João Durães, Marco Vieira, and Henrique Madeira CISUC, University of Coimbra. 2008 14th IEEE Pacific Rim International Symposium on Dependable Computing.
  25. Firewall Security: Policies, Testing and Performance Evaluation. Michael R. Lyu and Lorrien K. Y. Lau. Department of computer science and engineering. The Chinese University of Hong kong, Shatin, HK. 2000 IEEE.
  26. Web application security assessment tools- Mark Curphey and Rudolph Araujo 2006 IEEE security & privacy.
  27. Security Testing in Software Engineering Courses. Andy Ju An Wang. Department of Software Engineering. School of Computing and Software Engineering. Southern Polytechnic State University. 34th ASEE/IEEE Frontiers in Eductaion Conference. 2004 IEEE.
  28. Raising the bar on software testing - Alden Dima, John Wack, and Shukri Wakid (1999)IEEE.
  29. Top 10 Free Web-Mail Security Test Using Session Hijacking Preecha Noiumkar,Thawatchai Chomsiri,Mahasarakham University,Maha sarakham, Thailand. Third 2008 International Conference on Convergence and Hybrid Information Technology. Development of Security Engineering Curricula at US Universities. Mary Lynn Garcia, Sandia National Laboratories. 1998 IEEE.
  30. Automated Security Test Generation with Formal Threat Models Dianxiang Xu, Senior Member, IEEE, Manghui Tu, Michael Sanford, Lijo Thomas, Daniel Woodraska, and Weifeng Xu, Senior Member, IEEE. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 9, NO. 4, JULY/AUGUST 2012.
  31. Testing Web-based applications: The state of the art and future trends. Giuseppe A. Di Lucca a, Anna Rita Fasolino. 0950-5849/$ - see front matter © 2006 Elsevier B. V.
  32. Structural Testing of Web Applications. Chien-Hung Liu David C. Kung Pei Hsia, Department of Computer Science and Engineering. Chih-Tung Hsu, Sun Microsystems, Inc. 0-7695-0807-3/0$01 0. 00 0 2000 IEEE.
  33. Automated Web Application Testing Using Search Based Software Engineering. Nadia Alshahwan and Mark Harman CREST Centre, University College London. 978-1-4577-1639-3/11/$26. 00 c 2011 IEEE.
  34. Agile Security Testing of Web-Based Systems via HTTPUnit. A. Tappenden, P. Beatty, J. Miller, University of Alberta. A. Geras, M. Smith, University of Calgary. Proceedings of the Agile Development Conference (ADC'05) 0-7695-2487-7/05 $20. 00 © 2005 IEEE.
  35. Security Objectives within a Security Testing Case Study. Kaarina Karppinen, Reijo Savola, Mikko Rapeli, Esa Tikkala. Second International Conference on Availability, Reliability and Security (ARES'07). 0-7695-2775-2/07 $20. 00 © 2007 IEEE.
  36. Security Testing: Turning Practice into Theory. Sven Türpe, Fraunhofer Institute for Secure Information Technology SIT. 2008 IEEE International Conference on Software Testing Verification and Validation Workshop (ICSTW'08) 978-0-7695-3388-9/08 $25. 00 © 2008 IEEE.
  37. Automatic Testing of Program Security Vulnerabilities, Hossain Shahriar and Mohammad Zulkernine, School of Computing. 2009 33rd Annual IEEE International Computer Software and Applications Conference.
  38. A new solution for complex security testing, DongHu, Department ofTeaching Affairs. 2009 International Conference on Test and Measurement.
  39. Increasing Trustworthiness Through Security Testing Support. Jose Romero-Mariona; Hadar Ziv; Debra Richardson, University of California, Irvine; Donald Bren School of Information and Computer Sciences. IEEE International Conference on Social Computing / IEEE International Conference on Privacy, Security, Risk and Trust. 978-0-7695-4211-9/10 $26. 00 © 2010 IEEE.
  40. Risk–Based Security Testing in Cloud Computing Environments, Philipp Zech, Institute of Computer Science ,University of Innsbruck, Innsbruck, Austria. 2011 Fourth IEEE International Conference on Software Testing, Verification and Validation.
  41. Model-checking Driven Security Testing of Web-based Applications. Alessandro Armando, Roberto Carbone ,DIST, University of Genova, Genova, Italy ; Luca Compagna,, Keqin Li, Giancarlo Pellegrino, SAP Research, Mougins, France. 978-0-7695-4050-4/10 $26. 00 © 2010 IEEE.
  42. Experiences in Security Testing for Web-based Applications. Chengying Mao, School of Software,, Jiangxi University of Finance and Economics, 330013 Nanchang, P. R. China. ICIS 2009, November 24-26, 2009 Seoul, Korea. Copyright © 2009 ACM 978-1-60558-710-3/09/11. . . $10. 00".
  43. Automated Security Testing of Web. Widget Interactions. Cor-Paul Bezemer, Ali Mesbah, and Arie van Deursen, Delft Univ. of Technology, The Netherlands. ESEC-FSE'09, August 23–28, 2009, Amsterdam, The Netherlands. Copyright 2009 ACM 978-1-60558-001-2/09/08 . . . $5. 00.
  44. Web Security Testing Approaches: Comparison Framework. Fakhredin T. Alssir, Moataz Ahmed, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia. Springer-Verlag Berlin Heidelberg 2012.
  45. Coverage Criteria for Automated Security Testing of Web Applications. Thanh Binh Dao, Dept of mathematical and computing sciences ,Tokyo ins. Of tech. , Japan and Etsuya Shibayama, Information Technology Centre, the university of Tokyo, Japan. Springer-Verlag Berlin Heidelberg 2010.
  46. Web Security : Research Challenges and Open Issues. V. Geetha and Pranesh V. Kallapur, Dept of information technology, NITK, Karnataka, India. Springer-Verlag Berlin Heidelberg 2010.
Index Terms

Computer Science
Information Sciences

Keywords

Web applications Security testing Vulnerabilities

Powered by PhDFocusTM