IRMA-International.org: Creator of Knowledge
Information Resources Management Association
Advancing the Concepts & Practices of Information Resources Management in Modern Organizations
navleft navright Research IRM Open Access IRMA Journals IRM Books Proceedings Membership

The IRMA Community

Calls for Papers
Online Symposium
Newsletters

Research IRM

Click a keyword to search titles using our InfoSci-OnDemand powered search:

Method Using Command Abstraction Library for Iterative Testing Security of Web Applications

Method Using Command Abstraction Library for Iterative Testing Security of Web Applications
View Sample PDF
Author(s): Seiji Munetoh (The Graduate University for Advanced Studies (SOKENDAI), Japan & IBM Research, Japan)and Nobukazu Yoshioka (National Institute of Informatics (NII), Japan & The Graduate University for Advanced Studies (SOKENDAI), Japan)
 Copyright: 2018
 Pages: 24
 Source title: Application Development and Design: Concepts, Methodologies, Tools, and Applications
Source Author(s)/Editor(s): Information Resources Management Association (USA)
 DOI: 10.4018/978-1-5225-3422-8.ch008

Purchase

View Method Using Command Abstraction Library for Iterative Testing Security of Web Applications on the publisher's website for pricing and purchasing information.

Abstract

A framework based on a scripting language is commonly used in Web application development, and high development efficiency is often achieved by applying several Agile development techniques. However, the adaptation of security assurance techniques to support Agile development is still underway, particularly from the developer's perspective. The authors have addressed this problem by developing an iterative security testing method that splits the security test target application into two parts on the basis of the code lifecycle, application logic (“active development code”) and framework (“used code”). For the former, detailed security testing is conducted using static analysis since it contains code that is changed during the iterative development process. For the latter, an abstraction library at the command granularity level is created and maintained. The library identifies the behavior of an application from the security assurance standpoint. This separation reduces the amount of code to be statically inspected and provides a mechanism for sharing security issues among application developers using the same Web application framework. Evaluation demonstrated that this method can detect various types of Web application vulnerabilities.

Related Content

Subhadip Kowar, Sneha Mukherjee, Shramana Ghosh. © 2025. 26 pages.
C. V. Suresh Babu, Mala Raja Sekhar, A. Sachin, Bala Brindha. © 2025. 26 pages.
A. D. N. Sarma. © 2025. 32 pages.
Muhammad Usman Tariq. © 2025. 26 pages.
Maaike Stoops, Pablo Alfonso Aguilar Calderón, Óscar Manuel Peña Bañuelos. © 2025. 30 pages.
Pablo Alfonso Aguilar Calderón, José Alfonso Aguilar-Calderón, Dominik Morales-Silva, Carolina Tripp-Barba, Pedro Alfonso Aguilar-Calderón, Aníbal Zaldívar-Colado, Oscar Manuel Peña-Bañuelos. © 2025. 30 pages.
Carlos Villarrubia, David Granada, Juan Manuel Vara. © 2025. 34 pages.
IRMA Offers Over 2,500 Full Text Open Access Research Papers for Free Download Click to Start Searching Free IRM Research!

IRMA Sponsors

Sponsor IGI Global

Sponsor eContentPro

Encyclopedia of Information Science and Technology, Fourth Edition
Body Bottom
About Us | Contact | Sitemap | Legal | Policies
Copyright ©2025, Information Resources Management Association. 701 East Chocolate Avenue, Hershey, PA 17033.