3. Introduction
O Web applications are becoming a more popular means of modern information interaction, which leads to growing demand for Web applications.
O At the same time, Web application vulnerabilities are drastically increasing.
O One of the most important software security practices used to mitigate the increasing number of vulnerabilities is security testing.
4. Continue…
O One security testing approach is Model-Based Vulnerability Testing (MBVT).
5. MBVT
O Model-Based Vulnerability Testing (MBVT) for Web applications aims at improving the accuracy and precision of vulnerability testing.
O Accuracy:- the capability to focus on the relevant part of the software.
O Precision:- the capability to avoid both false positives and false negatives.
O MBVT adapts the traditional approach of Model-Based Testing (MBT) in order to generate vulnerability test cases for Web applications.
7. DVWA Example using MBVT Approach
O DVWA:- Damn Vulnerable Web Application
O DVWA is an open-source Web application test bed, based on PHP/MySQL.
O DVWA embeds several vulnerabilities (like SQL Injection and Blind SQL Injection, and Reflected and Stored XSS).
8. O In this example we will focus on Reflected XSS (RXSS) vulnerabilities through form fields.
O RXSS is one of the major breaches because it is very widely used and its exploitation leads to severe risks.
O We will apply the four activities of the MBVT approach to DVWA.
9. 1. Formalizing Vulnerability Test Patterns into Test Purposes
O Vulnerability Test Patterns (vTP) are the initial artefacts of our approach.
O A vTP expresses the testing needs and procedures allowing the identification of a particular breach in a Web application.
11. O A test purpose is a high-level expression that formalizes a test intention linked to a testing objective.
O We propose test purposes as a means to drive the automated test generation.
O The Smartesting Test Purpose Language is a textual language based on regular expressions, allowing the formalization of a vulnerability test intention in terms of states to be reached and operations to be called.
13. 2. Modeling:-
O The modeling activity produces a model based on the functional specifications of the application and on the test purposes.
Class diagram of the SUT structure, for our MBVT approach
14. 3. Test Generation:-
O The main purpose of the test generation activity is to produce test cases from both the model and the test purposes.
O This activity consists of three phases.
O The first phase transforms the model and the test purposes into elements usable by the Smartesting CertifyIt MBT tool.
15. O The second phase produces the abstract test cases from the test targets.
O The third phase exports the abstract test cases into the execution environment.
17. 4. Adaptation and test execution:-
a. Adaptation:-
O During the modeling activity, all data used by the application are modeled in an abstract way.
O Hence, the test suite can't be executed as it is.
O So, the generated abstract test cases are translated into executable scripts.
18. b. Test Execution:-
O The adapted test cases are executed in order to produce a verdict.
O There is a new terminology fitting the characteristics of a test execution:-
Attack-pass
Attack-fail
Inconclusive
O Our model defines four malicious data items dedicated to Reflected XSS attacks.
19. O These values are defined in an abstract way, and must be adapted.
O Each of them is mapped to a concrete value, as shown in the figure:
Mapping between abstract and concrete values
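The adaptation and test execution steps of slides 17 to 19, as an added Python example that is not part of the deck or of the Smartesting tooling. The abstract-to-concrete mapping, the hypothetical `submit_name` operation, the probe strings and the simulated DVWA handlers are all constructed here; the verdict rule (attack-pass when the concrete value is reflected verbatim, attack-fail when it is filtered or encoded, inconclusive when the exchange does not complete) is an assumption about how the three verdicts apply to Reflected XSS.

```python
from html import escape

# Constructed abstract-to-concrete mapping (an assumption for this example):
# one benign probe per HTML meta-character class; the deck's own values differ.
CONCRETE_VALUES = {
    "RXSS_TAG": "<mbvt-probe>",
    "RXSS_DQUOTE": '"mbvt-probe',
    "RXSS_SQUOTE": "'mbvt-probe",
    "RXSS_AMP": "&mbvt-probe;",
}

# Abstract test cases as the generation activity would emit them: (operation
# to call, abstract datum). Constructed; the operation name is hypothetical.
ABSTRACT_SUITE = [("submit_name", v) for v in CONCRETE_VALUES]


def adapt(abstract_case):
    """Adaptation: replace the abstract datum with its concrete string."""
    operation, abstract_value = abstract_case
    return operation, abstract_value, CONCRETE_VALUES[abstract_value]


def verdict(concrete_value, status, body):
    """Execution oracle: inconclusive if the exchange did not complete,
    attack-pass if the probe comes back verbatim (unencoded), attack-fail
    if it was filtered or HTML-encoded on the way back."""
    if status != 200 or body is None:
        return "inconclusive"
    return "attack-pass" if concrete_value in body else "attack-fail"


def run_suite(sut):
    """Run every adapted case against `sut`, a callable standing in for the
    DVWA form handler that returns (http_status, response_body)."""
    results = {}
    for case in ABSTRACT_SUITE:
        operation, abstract_value, concrete = adapt(case)
        try:
            status, body = sut(operation, concrete)
        except Exception:  # transport failure: no verdict can be drawn
            status, body = None, None
        results[abstract_value] = verdict(concrete, status, body)
    return results


# Two simulated handlers standing in for the DVWA page (constructed).
def vulnerable_sut(operation, name):
    return 200, f"<p>Hello {name}</p>"  # reflects the input unencoded

def hardened_sut(operation, name):
    return 200, f"<p>Hello {escape(name, quote=True)}</p>"  # encodes < > & " '
```

Running the same abstract suite against both handlers shows why the adaptation layer is separate from the model: only the mapping and the verdict oracle need to change when a different concrete value set is tried.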