Black-box web application vulnerability scanners are automated tools that probe web applications for security vulnerabilities In order to assess the current state of the art, we obtained access to eight leading tools and carried out a study of: (i) the class of vulnerabilities tested by these scanners, (ii) their effectiveness against target vulnerabilities, and (iii) the relevance of the target vulnerabilities to vulnerabilities found in the wild To conduct our study we used a custom web application vulnerable to known and projected vulnerabilities, and previous versions of widely used web applications containing known vulnerabilities Our results show the promise and effectiveness of automated tools, as a group, and also some limitations In particular, "stored" forms of Cross Site Scripting (XSS) and SQL Injection (SQLI) vulnerabilities are not currently found by many tools Because our goal is to assess the potential of future research, not to evaluate specific vendors, we do not report comparative data or make any recommendations about purchase of specific tools

/pdf/state-of-the-art-automated-black-box-web-application-2o7akal2al.pdf

State of the art automated black-box web application vulnerability testing

The Bayesian network (BN) is a powerful model for probabilistic knowledge representation and inference and is increasingly used in the field of reliability evaluation. This paper presents a bibliographic review of BNs that have been proposed for reliability evaluation in the last decades. Studies are classified from the perspective of the objects of reliability evaluation, i.e., hardware, structures, software, and humans. For each classification, the construction and validation of a BN-based reliability model are emphasized. The general procedural steps for BN-based reliability evaluation, including BN structure modeling, BN parameter modeling, BN inference, and model verification and validation, are investigated. Current gaps and challenges in reliability evaluation with BNs are explored, and a few upcoming research directions that are of interest to reliability researchers are identified.

/pdf/application-of-bayesian-networks-in-reliability-evaluation-4bp1rbtp1x.pdf

Application of Bayesian Networks in Reliability Evaluation

Model-based security testing relies on models to test whether a software system meets its security requirements. It is an active research field of high relevance for industrial applications, with many approaches and notable results published in recent years. This article provides a taxonomy for model-based security testing approaches. It comprises filter criteria i.e.i¾?model of system security, security model of the environment and explicit test selection criteria as well as evidence criteria i.e.i¾?maturity of evaluated system, evidence measures and evidence level. The taxonomy is based on a comprehensive analysis of existing classification schemes for model-based testing and security testing. To demonstrate its adequacy, 119 publications on model-based security testing are systematically extracted from the five most relevant digital libraries by three researchers and classified according to the defined filter and evidence criteria. On the basis of the classified publications, the article provides an overview of the state of the art in model-based security testing and discusses promising research directions with regard to security properties, coverage criteria and the feasibility and return on investment of model-based security testing. Copyright © 2015 John Wiley & Sons, Ltd.

https://qe-informatik.uibk.ac.at/wp-content/uploads/2014/03/Felderer_et_al-2015-Software_Testing_Verification_and_Reliability.pdf

Model-based security testing: a taxonomy and systematic classification

Bayesian network model for task effort estimation in agile software development

This chapter gives an overview of the field of model-based testing (MBT), particularly the recent advances in the last decade. It gives a summary of the MBT process, the modeling languages that are currently used by the various communities who practice MBT, the technologies used to generate tests from models, and discusses best practices, such as traceability between models and tests. It also briefly describes several findings from a recent survey of MBT users in industry, outlines the increasingly popular use of MBT for security testing, and discusses future challenges for MBT.

Recent Advances in Model-Based Testing

The penetration test is a crucial way to enhance the security of web applications. Improving accuracy is the core issue of the penetration test research. The test case is an important factor affecting the penetration test accuracy. In this paper, we discuss how to generate more effective penetration test case inputs to detect the SQL injection vulnerability hidden behind the inadequate blacklist filter defense mechanism in web applications. We propose a model based penetration test method for the SQL injection vulnerability, in which the penetration test case generation is divided into two steps: i) Building model for the penetration test case, and ii) Instantiating the model of penetration test case. Our method can generate test case covering more types and patterns of SQL injection attack input to thoroughly test the blacklist filter mechanism of web applications. Experiments show the penetration test case generated by our method can effectively find the SQL injection vulnerabilities hidden behind the inadequate blacklist filter defense mechanism thus reduce the false negative and improve test accuracy.

Attack Model Based Penetration Test for SQL Injection Vulnerability

The invention discloses a method for evaluating a pure XML engine of a relational database system, which comprises function evaluation and performance evaluation of the pure XML engine of the relational database system. The method comprises the following steps of: designing a set of complete test scene according to the characteristics of the pure XML engine on a relational database, simulating a document management system, designing and generating an XML document set serving as a test data set, designing a test transaction set comprising a query transaction set and an update transaction set according to W3C standards, operating individual query and statement update as function test and operating concurrent loads of multiple query and update transactions as performance test by using an SQL/XML language to comprehensively evaluate the storage capability, index capability, bearing capability and the like of the database system, and defining an evaluation index set. The method proved by experiments on the database of DB2 and the like has universal meaning, systematicness and completeness, and can be used in the field of database test.

Method for evaluating pure XML engine of relational database system

Access control is an extremely important and error-prone practice during web application. The emergence of NoSQL databases and the flexible data models they bring impose new challenges on the implementation of access control within web applications. This paper presents Scout, a novel methodology for discovering access control vulnerabilities in existing web applications. Meanwhile (1) features of NoSQL database can be addressed and (2) neither application source code nor server-side session information from the developers is required. This paper implements a prototype of Scout, which targets MongoDB backend web applications. By automatically discovering the protocol layer in the web application stack, Scout introduces a data access operation model precisely representing the MongoDB actions performed in the web application, as well as inferring the access control policies. The prototype is shown to be able to identify comprehensive access control vulnerabilities in MongoDB backend web applications, and generate detailed report as the facilitator to manually fix the identified vulnerabilities.

Toward Exploiting Access Control Vulnerabilities within MongoDB Backend Web Applications

An evaluation model for dependability of Internet-scale software on basis of Bayesian Networks and trustworthiness

Internet-scale software becomes an important mode of constructing software systems with the development of internet. Open, dynamic and uncontrollable Internet environment makes dependability evaluation of Internet-scale software very important. It is lack of a dependability evaluation model that analyzes system architecture from the most foundational elements and integrate aspects that impacts on the system, such as the technical, organizational, decisional and human aspects. This paper proposes an evaluation model of dependability for Internet-scale software on the basis of Bayesian Networks. The model analyzes the structure of Internet-scale software and establishes an evaluation system of dependability for Internet-scale software including static metrics, dynamic metrics, prior metrics and correction metrics. It integrates subjective and objective factors which impact on system quality. In this paper, we build Bayesian Network according to the structure analysis and refer to a bottom-up method that use Bayesian reasoning to analyses and calculate entity dependability and integration dependability layer by layer. A unified dependability of the whole system is worked out and is corrected by objective data. The analysis of experiment in a real system proves that the model in this paper is capable of evaluating the dependability of Internet-scale software clearly and objectively. Moreover, it offers effective help to the design, development, deployment and assessment of Internet-scale software.

Guannan Si

Papers

Attack Model Based Penetration Test for SQL Injection Vulnerability

Method for evaluating pure XML engine of relational database system

Toward Exploiting Access Control Vulnerabilities within MongoDB Backend Web Applications

An evaluation model for dependability of Internet-scale software on basis of Bayesian Networks and trustworthiness

An Evaluation Model for Dependability of Internet-Scale Software on Basis of Bayesian Networks