Perturbation-based user-input-validation testing of web applications |
| |
Authors: | Nuo Li [Author Vitae] Maozhong Jin [Author Vitae] |
| |
Affiliation: | a Department of Computer Science, North Carolina State University, NC 27695, USA b School of Computer Science and Engineering, Beihang University, Beijing 100083, China |
| |
Abstract: | User-input-validation (UIV) is the first barricade that protects web applications from application-level attacks. Most UIV test tools cannot detect semantics-related vulnerabilities in validators, such as filling a five-digit number to a field that accepts a year. To address this issue, we propose a new approach to generate test inputs for UIV based on the analysis of client-side information. In particular, we use input-field information to generate valid inputs, and then perturb valid inputs to generate invalid test inputs. We conducted an empirical study to evaluate our approach. The empirical result shows that, in comparison to existing vulnerability scanners, our approach is more effective than existing vulnerability scanners in finding semantics-related vulnerabilities of UIV for web applications. |
| |
Keywords: | Software testing Web-application testing User-input-validation testing |
本文献已被 ScienceDirect 等数据库收录! |
|