• DocumentCode
    2351605
  • Title

    Model-Checking Driven Security Testing of Web-Based Applications

  • Author

    Armando, Alessandro ; Carbone, Roberto ; Compagna, Luca ; Li, Keqin ; Pellegrino, Giancarlo

  • Author_Institution
    DIST, Univ. of Genova, Genova, Italy
  • fYear
    2010
  • fDate
    6-10 April 2010
  • Firstpage
    361
  • Lastpage
    370
  • Abstract
    Model checking and security testing are two verification techniques available to help find flaws in security-sensitive, distributed applications. In this paper, we present an approach to security testing of web-based applications in which test cases are automatically derived from counterexamples found through model checking. We illustrate our approach by discussing its application against the SAML-based Single Sign-On for Google Apps.
  • Keywords
    Internet; distributed processing; program testing; program verification; security of data; Google Apps; SAML-based single sign-on; Web-based application; distributed application; model checking; security testing; security-sensitive application; test case; verification technique; Application software; Authorization; Automatic testing; Information security; Isolation technology; Logic; Phase detection; Protocols; Software testing; System testing; model checking; security testing; web-based applications;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Testing, Verification, and Validation Workshops (ICSTW), 2010 Third International Conference on
  • Conference_Location
    Paris
  • Print_ISBN
    978-1-4244-6773-0
  • Type

    conf

  • DOI
    10.1109/ICSTW.2010.54
  • Filename
    5463670