IRMA-International.org: Creator of Knowledge
Information Resources Management Association
Advancing the Concepts & Practices of Information Resources Management in Modern Organizations

Method Using Command Abstraction Library for Iterative Testing Security of Web Applications

Method Using Command Abstraction Library for Iterative Testing Security of Web Applications
View Sample PDF
Author(s): Seiji Munetoh (The Graduate University for Advanced Studies (SOKENDAI), Japan & IBM Research, Japan)and Nobukazu Yoshioka (National Institute of Informatics (NII), Japan & The Graduate University for Advanced Studies (SOKENDAI), Japan)
Copyright: 2018
Pages: 24
Source title: Application Development and Design: Concepts, Methodologies, Tools, and Applications
Source Author(s)/Editor(s): Information Resources Management Association (USA)
DOI: 10.4018/978-1-5225-3422-8.ch008

Purchase

View Method Using Command Abstraction Library for Iterative Testing Security of Web Applications on the publisher's website for pricing and purchasing information.

Abstract

A framework based on a scripting language is commonly used in Web application development, and high development efficiency is often achieved by applying several Agile development techniques. However, the adaptation of security assurance techniques to support Agile development is still underway, particularly from the developer's perspective. The authors have addressed this problem by developing an iterative security testing method that splits the security test target application into two parts on the basis of the code lifecycle, application logic (“active development code”) and framework (“used code”). For the former, detailed security testing is conducted using static analysis since it contains code that is changed during the iterative development process. For the latter, an abstraction library at the command granularity level is created and maintained. The library identifies the behavior of an application from the security assurance standpoint. This separation reduces the amount of code to be statically inspected and provides a mechanism for sharing security issues among application developers using the same Web application framework. Evaluation demonstrated that this method can detect various types of Web application vulnerabilities.

Related Content

Babita Srivastava. © 2024. 21 pages.
Sakuntala Rao, Shalini Chandra, Dhrupad Mathur. © 2024. 27 pages.
Satya Sekhar Venkata Gudimetla, Naveen Tirumalaraju. © 2024. 24 pages.
Neeta Baporikar. © 2024. 23 pages.
Shankar Subramanian Subramanian, Amritha Subhayan Krishnan, Arumugam Seetharaman. © 2024. 35 pages.
Charu Banga, Farhan Ujager. © 2024. 24 pages.
Munir Ahmad. © 2024. 27 pages.
Body Bottom