Automated Security Testing of Web-Based Systems Against SQL Injection Attacks

Appelt, Dennis

Injection vulnerabilities, such as SQL injection (SQLi), are ranked amongst the most dangerous types of vulnerabilities. Despite having received much attention from academia and practitioners, SQLi remains prevalent and the impact of its successful exploitation is severe. In this dissertation, we propose several security testing approaches that evaluate web applications and services for vulnerabilities and common IT infrastructure components such as for their resilience against attacks. Each of the presented approaches covers a different aspect of security testing, e.g., the generation of test cases or the definition of test oracles, and in combination they provide a holistic approach.

The work presented in this dissertation was conducted in collaboration with SIX Payment Services (formerly CETREL S.A.). SIX Payment Services is a leading provider of financial services in the area of payment processing, e.g., issuing of credit and debit cards, settlement of card transactions, online payments, and point-of-sale payment terminals. We analyse the challenges SIX is facing in security testing and base our testing approaches on assumptions inferred from our findings. Specifically, the devised testing approaches are automated, applicable in black box testing scenarios, able to assess and bypass Web Application Firewalls (WAF), and use an accurate test oracle. The devised testing approaches are evaluated with SIX's IT platform, which consists of various web services that process several thousand financial transactions daily.

The main research contributions in this dissertation are:

- An assessment of the impact of Web Application Firewalls and Database Intrusion Detection Systems on the accuracy of SQLi testing.
- An input mutation technique that can generate a diverse set of test cases. We propose a set of mutation operators that are specifically designed to increase the likelihood of generating successful attacks.
- A testing technique that assesses the attack detection capabilities of a Web Application Firewall (WAF) by systematically generating attacks that try to bypass it.
- An approach that increases the attack detection capabilities of a WAF by inferring a filter rule from a set of bypassing attacks. The inferred filter rule can be added to the WAF's rule set to prevent attacks from bypassing.