Idea: Automatic security testing for web applications


Abstract

With the increasingly important role of web applications in online services and business systems, vulnerabilities such as SQL Injection have become serious security threats. Finding these vulnerabilities by manual testing is a time-consuming and error-prone practice that may result in some potential vulnerabilities being missed due to some execution branches being missed. In this paper, we describe an automatic security testing method to find vulnerabilities in web applications; this method utilizes test data generation techniques for improving the code coverage. Our security testing involves automatic attack request generation and automatic security checking using dynamic tainting technique that detects dangerous contents originating from untrustworthy sources in commands and outputs. Automatic constraint-based test data generation helps to create test data for executing program branches that may have remained unexecuted in previous tests. The experimental results indicate that our method is effective to find new vulnerabilities, and test data generation may help to improve the effectiveness of detection. © 2009 Springer Berlin Heidelberg.

Dao, T. B., & Shibayama, E. (2009). Idea: Automatic security testing for web applications. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5429 LNCS, pp. 180–184). https://doi.org/10.1007/978-3-642-00199-4_15
