论文信息 - Agile security testing of Web-based systems via HTTPUnit

Agile security testing of Web-based systems via HTTPUnit

The technological advancements of Web-based systems and the shift to iterative and evolutionary development processes have given rise to the idea of agile security testing, where the principles and practices of agile testing are applied to the domain of security testing. This paper explores common vulnerabilities for Web applications and proposes two synergistic approaches for mitigating them. The first approach is to employ a highly testable architecture in the development of Web-based systems, and the second is to support the security testing process using the open source unit testing framework HTTPUnit. The overall testing strategy mingles well with agile development efforts and gives the development team an opportunity to produce applications that have the "right" functionality and the "right" level of security.

James Miller | Andrew F. Tappenden | Patricia Beatty | P. Beatty | James Miller

[1] Philippe Kruchten,et al. Towards agile security assurance , 2004, NSPW '04.

[2] A. Jefferson Offutt,et al. Bypass testing of Web applications , 2004, 15th International Symposium on Software Reliability Engineering.

[3] Scott W. Ambler,et al. The Object Primer: Agile Model-Driven Development with UML 2.0 , 2004 .

[4] John Linn,et al. Privacy enhancement for Internet electronic mail: Part I: Message encipherment and authentication procedures , 1989, RFC.

[5] Richard Hightower,et al. Java tools for eXtreme Programming: mastering open source tools including, Ant, JUnit, and Cactus , 2001 .

[6] Konstantin Beznosov,et al. Extreme Security Engineering: On Employing XP Practices to Achieve , 2003 .

[7] John Linn,et al. Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures , 1987, RFC.

[8] Chris Anley,et al. Advanced SQL Injection In SQL Server Applications , 2002 .

[9] Scott W. Ambler,et al. The Object Primer: Agile Model–Driven Development (AMDD) , 2004 .

[10] Nathaniel S. Borenstein,et al. Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies , 1996, RFC.