Abstract | ||
---|---|---|
There exist an abundant number of tools for aiding developers and penetration testers to spot common software security vulnerabilities. However, testers are often confronted with situations where existing tools are of little help because a) they do not account for a particular configuration of the SUT and b) they do not include tests for certain vulnerabilities. To cope with this we propose a tool that allows users to define attacker models where the payloads and the behavior are cleanly separated and that abstract away from low-level implementation details such as HTTP requests. |
Year | DOI | Venue |
---|---|---|
2013 | 10.1109/ICST.2013.65 | ICST |
Keywords | Field | DocType |
penetration tester,flexible model-based vulnerability testing,low-level implementation detail,existing tool,certain vulnerability,particular configuration,abundant number,common software security vulnerability,attacker model,security,semantics,unified modeling language,data models,testing | Data modeling,Unified Modeling Language,Computer science,Load modeling,Vulnerability assessment,Computer security,Software security assurance,Semantics,Vulnerability,Payload | Conference |
Citations | PageRank | References |
7 | 0.75 | 1 |
Authors | ||
5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Abian Blome | 1 | 7 | 0.75 |
Martín Ochoa | 2 | 201 | 22.62 |
Keqin Li | 3 | 50 | 10.35 |
Michele Peroli | 4 | 22 | 3.87 |
Mohammad Torabi Dashti | 5 | 133 | 14.24 |