Model-Based Penetration Test Framework for Web Applications Using TTCN-3

Penetration testing is a widely used method for testing the security of web applications, but it can be inefficient if it is not done systematically. Public databases of web application vulnerabilities can be used to drive penetration testing, but testers need to understand them and translate them into executable test cases, which requires in-depth knowledge of security. This paper proposes a model-based testing approach using a data model that describes the relationship between web security knowledge, business domain knowledge, and test case development. The approach consists of a data model that represents how attack surface, application fingerprint, attack vectors, and fuzz vectors relate to one another; a test case generator that automatically generates penetration test scenarios for web applications; and a penetration test framework supported by a TTCN-3 test environment. The model-based testing approach can be used to provide structured tool support for developing penetration test campaigns. We demonstrate the feasibility and efficiency of the approach at the design level.