Computer Applications and Software (计算机应用与软件), 2018, Vol. 35, Issue (2): 30-35, 101, 7. DOI: 10.3969/j.issn.1000-386x.2018.02.005
Research on Web Application Security Testing Based on Extended FSM
Li Dong (李栋) 1
Author information
- 1. School of Computer Engineering and Science, Shanghai University, Shanghai 200072
Abstract
Owing to their characteristics and the way they are implemented, Web applications are very fragile under malicious attack. To improve the security of Web applications, it is necessary to design reasonable and effective test methods based on their characteristics. This paper proposes a method that models the possible vulnerabilities of Web applications using the extended finite state machine model, in order to generate a threat model and analyze the abstract security test cases. By combining these with test data generated based on the syntax, the abstract security test cases are converted into executable, implementation-level security test cases. A prototype tool was developed according to the design described in the article. Taking a Web shopping site as the system under test, the experiment verified the feasibility and effectiveness of the method.
Key words
Model-based security testing / Web application / Threat model / Security test case
Classification
Information Technology and Security Science
Cite this article
Li Dong. Research on Web Application Security Testing Based on Extended FSM [J]. Computer Applications and Software, 2018, 35(2): 30-35, 101, 7.