Vulnerability Testing for
Head of Department:-
Mr. Monoj Kar
O MBVT Approach
O DVWA Example with MBVT Approach
O Web applications are becoming more popular in
means of modern information interaction, which
leads to a growth of the demand of Web
O At the same time, Web application
vulnerabilities are drastically increasing.
O One of the most important software security
practices that is used to mitigate the increasing
number of vulnerabilities is security testing.
O One of the security testing is Model-Based
O Model-Based Vulnerability Testing (MBVT)
for Web applications, aims at improving the
accuracy and precision of vulnerability
O Accuracy:- capability to focus on the relevant
part of the software
O Precision:- capability to avoid both false
positive and false negative.
O MBVT adapted the traditional approach of
Model-Based Testing (MBT) in order to
generate vulnerability test cases for Web
DVWA Example using MBVT
O DVWA:- Damn Vulnerable Web Application
O DVWA is an open-source Web application test
bed, based on PHP/MySQL.
O DVWA embeds several vulnerabilities(like SQL
Injection and Blind SQL Injection, and Reflected
and Stored XSS).
O In this example we will focus on RXSS
vulnerabilities through form fields.
O RXSS is one of the major breach because it is
highly used and its exploitation leads to severe
O We will apply the four activities of MBVT
approach to DVWA.
1. Formalizing Vulnerability Test Patterns
into Test Purposes
O Vulnerability Test Patterns (vTP) are the initial
artefacts of our approach.
O A vTP expresses the testing needs and
procedures allowing the identification of a
particular breach in a Web application.
O A test purpose is a high level expression that
formalizes a test intention linked to a testing
O We propose test purposes as a mean to drive
the automated test generation.
O Smartesting Test Purpose Language is a textual
language based on regular expressions,
allowing the formalization of vulnerability test
intention in terms of states to be reach and
operations to be called.
O The modeling activity produces a model based
on the functional specifications of the
application, and on the test purposes.
Class diagram of the SUT structure, for our MBVT approach
3. Test Generation:-
O The main purpose of the test generation activity
is to produce test cases from both the model
and the test purposes.
O This activity consists of three phases.
O The first phase transforms the model and the
test purposes into elements usable by the
Smartesting CertifyIt MBT tool.
O The second phase produces the abstract test
cases from the test targets.
O The third phase exports the abstract test cases
into the execution environment.
4. Adaptation and test execution:-
O During the modeling activity, all data used by
the application, are modeled in a abstract way.
O Hence, the test suite can’t be executed as it is.
O So, the generated abstract test cases are
translated into executable scripts.
b. Test Execution:-
O The adapted test cases are executed in order to
produce a verdict.
O There is a new terminology fitting the
characteristics of a test execution:-
O Our model defines four malicious data dedicated
to Reflected XSS attacks.
O These values are defined in an abstract way,
and must be adapted.
O Each of them is mapped to a concrete value, as
shown in figure:
Mapping between abstract and concrete
O MBVT can address both technical and logical
O Needed effort to design models, test patterns
O G Erdogan - 2009 - ntnu.diva-portal.org