We present a platform for software security testing primarily designed to support human testers in discovering injection flaws in distributed systems. Injection is an important class of security faults, caused by unsafe concatenation of input into strings interpreted by other components of the system. Examples include two of the most common security issues in Web applications, SQL injection and cross-site scripting. This paper briefly discusses the fault model, derives a testing strategy that should discover a large subset of the injection flaws present, and describes a platform that helps security testers to discover injection flaws through dynamic grey-box testing. Our platform combines the respective strengths of machines and humans, aut...
Web application firewalls are an indispensable layer to protect online systems from attacks. However...
The thesis discusses the issues of penetration testing of web applications, focusing on the Cross-Si...
Web services are increasingly adopted in various domains, from finance and e-government to social me...
Modern software is plagued by elusive corner-case bugs (e.g., security vulnerabilities). There are n...
Fault injection is a well-known method to test the robustness and security vul...
Abstract—The increasing reliance put on networked computer systems demands higher levels of dependab...
Nowadays web applications have critical logical holes (bugs) affecting their security. Thus it makes ap...
This paper proposes an approach to facilitate the identification of actual input manipulation vulner...
In this paper we propose a philosophy and a model apparatus to assess web application security instr...
Today almost all organizations have changed their traditional systems and have improved their perfor...
More than half of all of the vulnerabilities reported can be classified as input manipulation, such...
Web applications are progressively developing and applied in most aspects of life. However, there ex...
Despite the existence of several techniques for emulating software faults, there are still open i...