DocumentCode :
625550
Title :
VERA: A Flexible Model-Based Vulnerability Testing Tool
Author :
Blome, Abian ; Ochoa, M. ; Keqin Li ; Peroli, Michele ; Dashti, Mohammad Torabi
Author_Institution :
Siemens AG, Germany
fYear :
2013
fDate :
18-22 March 2013
Firstpage :
471
Lastpage :
478
Abstract :
There exist an abundant number of tools for aiding developers and penetration testers to spot common software security vulnerabilities. However, testers are often confronted with situations where existing tools are of little help because a) they do not account for a particular configuration of the SUT and b) they do not include tests for certain vulnerabilities. To cope with this we propose a tool that allows users to define attacker models where the payloads and the behavior are cleanly separated and that abstract away from low-level implementation details such as HTTP requests.
Keywords :
program testing; security of data; software tools; HTTP requests; SUT configuration; VERA; attacker models; flexible model-based vulnerability testing tool; low-level implementation details; penetration testers; software developers; software security vulnerabilities; Data models; Libraries; Load modeling; Security; Semantics; Testing; Unified modeling language; Security; Testing; Extended finite state machines;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Software Testing, Verification and Validation (ICST), 2013 IEEE Sixth International Conference on
Conference_Location :
Luembourg
Print_ISBN :
978-1-4673-5961-0
Type :
conf
DOI :
10.1109/ICST.2013.65
Filename :
6569762
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=625550
بازگشت