Some Modeling Challenges When Testing Rich Internet Applications for Security

Author

Benjamin, Kamara ; Bochmann, Gregor V. ; Jourdan, Guy-Vincent ; Onut, Iosif-Viorel

Author_Institution

Sch. of Inf. Technol. & Eng., Univ. of Ottawa, Ottawa, ON, Canada

fYear

2010

fDate

6-10 April 2010

Firstpage

403

Lastpage

409

Abstract

Web-based applications are becoming more ubiquitous day by day, and among these applications, a new trend is emerging: rich Internet applications (RIAs), using technologies such as Ajax, Flex, or Silverlight, break away from the traditional approach of Web applications having server-side computation and synchronous communications between the web client and servers. RIAs introduce new challenges, new security vulnerabilities, and their behavior makes it difficult or impossible to test with current web-application security scanners. A new model is required to enable automated scanning of RIAs for security. In this paper, we evaluate the shortcomings of current approaches, we elaborate a framework that would permit automated scanning of RIAs, and we provide some directions to address the open problems.

Keywords

Internet; client-server systems; program testing; security of data; Web based application; Web client; Web server; data security; rich Internet applications testing; server side computation; Application software; Automatic testing; Data security; Internet; Protocols; Rendering (computer graphics); Software standards; Software testing; Software tools; Web server; formal models; rich Internet applications; software security;

fLanguage

English

Publisher

ieee

Conference_Titel

Software Testing, Verification, and Validation Workshops (ICSTW), 2010 Third International Conference on

Conference_Location

Paris

Print_ISBN

978-1-4244-6773-0

Type

conf

DOI

10.1109/ICSTW.2010.46

Filename

5463679