Abstract |
---|
Modern web applications often interact with internal web services, which are not directly accessible to users. However, malicious user inputs can be used to exploit security vulnerabilities in web services through the application front-ends. Therefore, testing techniques have been proposed to reveal security flaws in the interactions with back-end web services, e.g., XML Injections (XMLi). Given a potentially malicious message between a web application and web services, search-based techniques have been used to find input data to mislead the web application into sending such a message, possibly compromising the target web service. However, state-of-the-art techniques focus on (search for) one single malicious message at a time. |

Year | DOI | Venue |
---|---|---|
2019 | 10.1007/s10664-019-09707-8 | Empirical Software Engineering |

Keywords | Field | DocType |
---|---|---|
Security testing, Code injection vulnerabilities, Search-based software engineering | Data mining, Security testing, World Wide Web, XML, Computer science, Vulnerability assessment, Exploit, Web application, Web service, Search-based software engineering, Vulnerability | Journal |

Volume | Issue | ISSN |
---|---|---|
24 | 6 | 1573-7616 |

Citations | PageRank | References |
---|---|---|
2 | 0.37 | 0 |

Authors |
---|
4 |

Name | Order | Citations | PageRank |
---|---|---|---|
Sadeeq Jan | 1 | 12 | 1.89 |
Annibale Panichella | 2 | 838 | 45.02 |
Andrea Arcuri | 3 | 2630 | 92.48 |
Lionel C. Briand | 4 | 8795 | 481.98 |