Web applications are a major target of attackers. The increasing complexity of such applications and the subtlety of today's attacks make it very hard for developers to manually secure their web applications. Penetration testing is considered an art; the success of a penetration tester in detecting vulnerabilities mainly depends on his skills. Recently, model-checkers dedicated to security analysis have proved their ability to identify complex attacks on web-based security protocols. However, bridging the gap between an abstract attack trace output by a model-checker and a penetration test on the real web application is still an open issue. We present here a methodology for testing web applications starting from a secure model. First, we mutate the model to introduce specific vulnerabilities present in web applications. Then, a model-checker outputs attack traces that exploit those vulnerabilities. Next, the attack traces are translated into concrete test cases by using a 2-step mapping.