The Theory and Implementation of InputValidator: A Semi-Automated Value-Level Bypass Testing Tool

J. Miller (University of Alberta, Canada), L. Zhang (University of Alberta, Canada), E. Ofuonye (University of Alberta, Canada) and M. Smith (University of Calgary, Canada)
DOI: 10.4018/jitwe.2008070103

Abstract

The construction and testing of Web-based systems has become more complex and challenging because of continual innovations in technology. Security is a major concern, particularly for the deployment of mission-critical applications. One of the principal vulnerabilities in Web-based systems revolves around insufficient and inappropriate input validation, a deficiency that can be exploited by attacks that bypass client-side checking. This article describes a partially automated mechanism, the tool InputValidator, which seeks to address this issue by sending test data directly to the server to test the robustness and security of the back-end software. The tool allows a user to construct, execute, and evaluate a number of test cases through a form-filling exercise instead of writing bespoke test code.
