
2017 | OriginalPaper | Book chapter

Security of Web Application: State of the Art

Research Theories and Industrial Practices

Written by: Habib ur Rehman, Mohammed Nazir, Khurram Mustafa

Published in: Information, Communication and Computing Technology

Publisher: Springer Singapore

Abstract

As the complexity inherent in web applications grows rapidly, testing web applications with more sophisticated approaches becomes essential. Several approaches to security testing are available, but only a few of them are appreciated by common IT industries and hence used in practice. The paper recapitulates the current approaches, considering the limitations of real-world applications. An effort has been made towards bridging the gaps with a study of the foremost web security concerns and the current web testing techniques, including their strengths and weaknesses. The paper highlights the security issues pertinent to web applications, along with the actual practices in industry related to these issues. It also covers the gap between practice and theory in the industry.

Metadata
Title
Security of Web Application: State of the Art
Written by
Habib ur Rehman
Mohammed Nazir
Khurram Mustafa
Copyright year
2017
Publisher
Springer Singapore
DOI
https://doi.org/10.1007/978-981-10-6544-6_17