scholarly journals Classification and Evaluation of Cloud-Based Testing Tools: The Case Study of Web Applications' Security Testing

2018 ◽  
Vol 7 (1) ◽  
pp. 40-57
Author(s):  
Martin Lněnička ◽  
Jan Čapek
Keyword(s):  
Web Applications ◽  
Security Testing ◽  
Testing Tools

scholarly journals The Security Aspect of Applications in Kosovo Companies

2018 ◽  
Vol 13 (1) ◽  
pp. 221
Author(s):  
Festim Halili ◽  
Lirie Koraqi
Keyword(s):  
Web Applications ◽  
Research Problem ◽  
Security Testing ◽  
Theoretical Concepts ◽  
Software Applications ◽  
Study Case

This paper addresses the security aspects of the software applications in the framework of several entrepreneurship. It has a certain goal and structure, through which it modestly aims to present the security aspect of web applications in Kosovo companies. At first we tried to give some theoretical concepts about security in general and security testing in particular. The key research elaboration of the research problem addresses the security aspect in the sector of companies that develop applications and do their testing, here we will dwell on a case-study case of different companies in Kosovo. The purpose of this section is to argue the importance of security and its application to various companies.

scholarly journals On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications

2020 ◽  
Vol 10 (24) ◽  
pp. 9119
Author(s):  
Francesc Mateo Tudela ◽  
Juan-Ramón Bermejo Higuera ◽  
Javier Bermejo Higuera ◽  
Juan-Antonio Sicilia Montalvo ◽  
Michael I. Argyros
Keyword(s):  
Web Applications ◽  
Security Analysis ◽  
False Positives ◽  
Vulnerability Detection ◽  
Security Testing ◽  
Security Vulnerabilities ◽  
Security Vulnerability ◽  
Interactive Analysis ◽  
Testing Tools ◽  
Analysis Tools

The design of the techniques and algorithms used by the static, dynamic and interactive security testing tools differ. Therefore, each tool detects to a greater or lesser extent each type of vulnerability for which they are designed for. In addition, their different designs mean that they have different percentages of false positives. In order to take advantage of the possible synergies that different analysis tools types may have, this paper combines several static, dynamic and interactive analysis security testing tools—static white box security analysis (SAST), dynamic black box security analysis (DAST) and interactive white box security analysis (IAST), respectively. The aim is to investigate how to improve the effectiveness of security vulnerability detection while reducing the number of false positives. Specifically, two static, two dynamic and two interactive security analysis tools will be combined to study their behavior using a specific benchmark for OWASP Top Ten security vulnerabilities and taking into account various scenarios of different criticality in terms of the applications analyzed. Finally, this study analyzes and discuss the values of the selected metrics applied to the results for each n-tools combination.

scholarly journals ПРИМЕНЕНИЕ НЕЙРОСЕТЕЙ ДЛЯ ВЫБОРА ИНСТРУМЕНТАЛЬНЫХ СРЕДСТВ ТЕСТИРОВАНИЯ WEB-ПРИЛОЖЕНИЙ НА ПРОНИКНОВЕНИЕ

2018 ◽  
pp. 86-90
Author(s):  
Артём Григорьевич Тецкий
Keyword(s):  
Neural Networks ◽  
Web Application ◽  
Web Applications ◽  
Data Sets ◽  
Neural Net ◽  
Choice Data ◽  
Security Testing ◽  
Data Set ◽  
Testing Tools ◽  
The One

Penetration testing is conducted to detect and further to fix the security problems of the Web application. During testing, tools are actively used that allows to avoid performing a large number of monotonous operations by the tester. The problem with selecting the tools is that there are a number of similar tools for testing the same class of security problems, and it is not known which tool is most suitable for a particular case. Such a problem is most often found among novice testers, more experienced testers use their own sets of tools to find specific security problems. Such kits are formed during the work, and each tester finds the most suitable tools for him. The goal of the paper is to create a method that will help to choose a tool for a particular case, based on the experience of experts in security testing of Web applications. To achieve the goal, it is proposed to create a Web service that will use the neural net-work to solve the problem of choice. Data for training a neural network in the form of a matrix of tools and their criteria are provided by experts in the field of security testing of Web applications. To find the most suitable tool, a vector of requirements should be formed, i.e. the user of service must specify the criteria for the search. As a result of the search, several most suitable for the request tools are shown to the user. Also, the user can save the result of his choice, if it differs from the proposed one. In this way, a set of learning examples can be extended. It is advisable to have two neural networks, the first one is trained only on data from experts; the second one is trained on data from experts and on data of users who have retained their choice. The usage of neural networks allows to realize correspondence between several input data sets to the one output data set. The described method can be used to select software in various applications.

Analyzing Security Testing Tools for Web Applications

2021 ◽  
pp. 411-419
Author(s):  
Amel F. Aljebry ◽  
Yasmine M. Alqahtani ◽  
Norrozila Sulaiman
Keyword(s):  
Web Applications ◽  
Security Testing ◽  
Testing Tools

scholarly journals MODERN TOOLS FOR SECURITY TESTING FROM OWASP

2020 ◽  
Vol 22 ◽  
pp. 18-22
Author(s):  
M.-V. Lyba ◽  
L. Uhryn
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Security Testing ◽  
Web Application Security ◽  
Practical Result ◽  
Software Products ◽  
Testing Tools ◽  
It Systems ◽  
Security Audits ◽  
The Moment

With the development of information technology, humanity is increasingly delving into the world of gadgets, cloud technology, virtual reality, and artificial intelligence. Through web applications, we receive and distribute information, including confidential. During the pandemic, most people switched to online work and study. As a result, most of the data stored on personal computers, company servers, and cloud storage needs protection from cyberattacks. The problem of cybersecurity at the moment is incredibly relevant due to the hacking of cryptocurrencies, websites of ministries, bitcoin wallets or social network accounts. It is necessary to conduct high-quality testing of developed applications to detect cyber threats, to ensure reliable protection of different information. The article states that when testing applications, it checks for vulnerabilities that could arise as a result of incorrect system setup or due to shortcomings in software products. The use of innovation is necessary to improve quality. Modern realities have become a challenge for the development of cybersecurity products. Improvement of technology requires modern companies to update their IT systems and conduct regular security audits. The research is devoted to the analysis of modern OWASP testing tools that contribute to data security, with a view to their further use. The Open Web Application Security Project is an open security project. The research revealed a list of the most dangerous vectors of attacks on Web-applications, in particular, OWASP ZAP performs analyzes the sent and received data system security scanning at the primary level, MSTG performs security testing of mobile applications iOS and Android mobile devices. The practical result of the work is to test a specially developed web-application and identify vulnerabilities of different levels of criticality.

Performance Comparison of Web Backend And Database: A Case Study Of Node.JS, Golang and MySQL, MongoDB

2019 ◽  
Vol 13 ◽  
Author(s):  
Faried Effendy ◽  
Taufik ◽  
Bramantyo Adhilaksono
Keyword(s):  
Response Time ◽  
Open Source ◽  
Poisson Distribution ◽  
Mobile Application ◽  
Web Applications ◽  
Performance Comparison ◽  
Memory Usage ◽  
Data Traffic ◽  
Cpu Utilization

: Substantial research has been conducted to compare web servers or to compare databases, but very limited research combines the two. Node.js and Golang (Go) are popular platforms for both web and mobile application back-ends, whereas MySQL and Go are among the best open source databases with different characters. Using MySQL and MongoDB as databases, this study aims to compare the performance of Go and Node.js as web applications back-end regarding response time, CPU utilization, and memory usage. To simulate the actual web server workload, the flow of data traffic on the server follows the Poisson distribution. The result shows that the combination of Go and MySQL is superior in CPU utilization and memory usage, while the Node.js and MySQL combination is superior in response time.

scholarly journals Web-Based Job Aids Using RESTXQ and JavaScript for Authors of XML Documents

2016 ◽  
Author(s):  
Amanda Galtman
Keyword(s):  
Web Applications ◽  
Web Based ◽  
Job Aids ◽  
Xml Documents ◽  
Software Company ◽  
Technical Writers ◽  
Visualization Application ◽  
Exchange Data ◽  
The Web

Using XML as the source format for authoring technical publications creates opportunities to develop tools that provide analysis, author guidance, and visualization. This case study describes two web applications that take advantage of the XML source format of documents. The applications provide a browser-based tool for technical writers and editors in a 100-person documentation department of a software company. Compared to desktop tools, the web applications are more convenient for users and less affected by hard-to-predict inconsistencies among users' computers. One application analyzes file dependencies and produces custom reports that facilitate reorganizing files. The other helps authors visualize their network of topics in their documentation sets. Both applications rely on the XQuery language and its RESTXQ web API. The visualization application also uses JavaScript, including the powerful jQuery and D3 libraries. After discussing what the applications do and why, this paper describes some architectural highlights, including how the different technologies fit together and exchange data.

Towards Test-Driven and Architecture Model-Based Security and Resilience Engineering

2013 ◽  
pp. 163-188
Author(s):  
Ayda Saidane ◽  
Nicolas Guelfi
Keyword(s):  
Software Systems ◽  
Critical Systems ◽  
Functional Requirements ◽  
Security Testing ◽  
Modeling Framework ◽  
Architecture Model ◽  
Model Based ◽  
Security Modeling

The quality of software systems depends strongly on their architecture. For this reason, taking into account non-functional requirements at architecture level is crucial for the success of the software development process. Early architecture model validation facilitates the detection and correction of design errors. In this research, the authors are interested in security critical systems, which require a reliable validation process. So far, they are missing security-testing approaches providing an appropriate compromise between software quality and development cost while satisfying certification and audit procedures requirements through automated and documented validation activities. In this chapter, the authors propose a novel test-driven and architecture model-based security engineering approach for resilient systems. It consists of a test-driven security modeling framework and a test based validation approach. The assessment of the security requirement satisfaction is based on the test traces analysis. Throughout this study, the authors illustrate the approach using a client server architecture case study.

Sign in / Sign up

Export Citation Format

Share Document