• DocumentCode
    625550
  • Title

    VERA: A Flexible Model-Based Vulnerability Testing Tool

  • Author

    Blome, Abian ; Ochoa, M. ; Keqin Li ; Peroli, Michele ; Dashti, Mohammad Torabi

  • Author_Institution
    Siemens AG, Germany
  • fYear
    2013
  • fDate
    18-22 March 2013
  • Firstpage
    471
  • Lastpage
    478
  • Abstract
    There exist an abundant number of tools for aiding developers and penetration testers to spot common software security vulnerabilities. However, testers are often confronted with situations where existing tools are of little help because a) they do not account for a particular configuration of the SUT and b) they do not include tests for certain vulnerabilities. To cope with this we propose a tool that allows users to define attacker models where the payloads and the behavior are cleanly separated and that abstract away from low-level implementation details such as HTTP requests.
  • Keywords
    program testing; security of data; software tools; HTTP requests; SUT configuration; VERA; attacker models; flexible model-based vulnerability testing tool; low-level implementation details; penetration testers; software developers; software security vulnerabilities; Data models; Libraries; Load modeling; Security; Semantics; Testing; Unified modeling language; Security; Testing; Extended finite state machines;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Testing, Verification and Validation (ICST), 2013 IEEE Sixth International Conference on
  • Conference_Location
    Luembourg
  • Print_ISBN
    978-1-4673-5961-0
  • Type

    conf

  • DOI
    10.1109/ICST.2013.65
  • Filename
    6569762
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=625550