This document discusses security requirements for web-based, multi-device systems. It presents an approach to capturing security requirements using misuse case specifications in natural language. The approach involves defining misuse cases that describe potential attacks and security use cases that specify security countermeasures. The document then discusses how these security requirements specified in natural language can be used to automatically generate executable security test cases. Specifically, it describes how natural language processing techniques can be applied to identify test inputs, operations, and oracles from the misuse case specifications in order to generate code for vulnerability testing.
Study of Web Application Attacks & Their Countermeasures (idescitation)
Web application security is among the hottest issues in the present web scenario due to the increasing use of web applications in the e-business environment. Web applications have become the easiest way to provide a wide range of services to users. Because confidential data is transferred during these services, web applications are more vulnerable to attacks. Web application attacks occur because of a lack of security awareness and poor programming skills. According to the Imperva web application attack report [1], websites are probed once every two minutes, and this increased to ten attacks per second in 2012. In this paper we present the most common and dangerous web application attacks and their countermeasures.
PHP is one of the most commonly used languages for developing web sites because of its simplicity, because it is easy to learn, and because it can easily be embedded with any database. A web developer with only basic knowledge who develops an application without following secure guidelines, with improper validation of user inputs, produces various source code vulnerabilities. Logical flaws while designing, implementing and hosting the web application cause workflow deviation attacks. In this paper, we analyze the complete behaviour of a web application through static and dynamic analysis methodologies.
Application Security Vulnerabilities: OWASP Top 10 - 2007 (Vaibhav Gupta)
General concepts of web application security vulnerabilities, primarily based on the OWASP Top 10 list 2007 (I know it's too old :-))
I, along with Sandeep and Vishal, presented on this at IIIT-Delhi college in April 2014.
OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.
SQL injection is a type of security exploit in which the attacker adds SQL statements through a web application's input fields or hidden parameters to gain access to resources or make changes to data.
SQL injection is the major attack in today's era of web applications; it attacks the database to gain unauthorized and illicit access. It works as an intermediary between the web application and the database. Most of the time, SQL injection is fired by well-known people who previously worked in the organisation on the present database. Today an organisation's major concern is to stop SQL injection because it is the major vulnerability of the database. SQLI attacks target databases that are reachable through a web front end. The SQLI prevention technique efficiently blocked all of the attacks without generating any false positives. In this paper we present different techniques and tools which can prevent various attacks.
SQLAS tool to detect and prevent attacks in PHP web applications (ijsptm)
Web applications have become an important part of our daily lives. Many other activities rely on the functionality and security of these applications. Web application injection attacks, such as SQL injection (SQLIA), Cross-Site Scripting (XSS) and Cross-Site Request Forgery (XSRF), are major threats to the security of web applications. Most methods focus on detection and prevention of these web application vulnerabilities at run time, which needs manual monitoring effort. The main goal of our work is different in that it aims to create new systems that are safe against injection attacks to begin with, thus allowing developers the freedom to write and execute code without having to worry about these attacks. In this paper we present SQL Attack Scanner (SQLAS), a tool which can detect and prevent SQL injection attacks in web applications. We analyzed the performance of our proposed tool SQLAS with various PHP web applications, and the results clearly demonstrate the effectiveness of detection and prevention by our proposed tool. SQLAS scans web applications offline; it reduces time and manual effort due to the lower overhead of runtime monitoring, because it only focuses on fragments that are vulnerable to attacks. We use XAMPP for the client-server environment and developed a testbed in Java for evaluation of our proposed tool SQLAS.
In this digital era, organizations and industries are moving towards replacing websites with web applications for many obvious reasons. With this transition towards web-based applications, organizations and industries find themselves surrounded by several threats and vulnerabilities. One of the largest concerns is keeping their infrastructure safe from attacks and misuse. Web security entails applying a set of procedures and practices, by applying several security principles at various layers to protect web servers, web users, and their surrounding environment. In this paper, we will discuss several attacks that may affect web-based applications, namely: SQL injection attacks, cookie poisoning, cross-site scripting, and buffer overflow. Additionally, we will discuss detection and prevention methods for such attacks.
Connection String Parameter Pollution Attacks (Chema Alonso)
Paper about Connection String Attacks, focusing on Connection String Parameter Pollution in web applications. Presented at Ekoparty 2009, Black Hat DC 2010 and Troopers 2010.
MALWARE DETECTION USING MACHINE LEARNING ALGORITHMS AND REVERSE ENGINEERING O... (IJNSA Journal)
This research paper is focused on the issue of mobile application malware detection by reverse engineering of Android Java code and the use of machine learning algorithms. The malicious software characteristics were identified based on a collected set of 1958 applications in total (including 996 malware applications). During the research a unique set of features was chosen, then three attribute selection algorithms and five classification algorithms (Random Forest, K Nearest Neighbors, SVM, Naive Bayes and Logistic Regression) were examined to choose the algorithms that would provide the most effective rate of malware detection.
Co-presentation with Brian Marshall, Mark Wilson, and Chad Rikansrud at SHARE Atlanta, 2016, discussing the various approaches to mainframe security and hacking.
In the most recent Hacker Intelligence Initiative report, Imperva analyses vulnerabilities found in the SuperGlobal parameters of the PHP platform, and finds that a multi-step attack requires a multi-layered application security solution.
A presentation of OWASP's top 10 most common web application security flaws. The content in the slides is sourced from various sources listed in the references section.
Abstract
In this article, we explore path traversal attacks, also known as directory traversal attacks, and the potential harm they can cause to a system. We begin with an introduction to path traversal, explaining what it is and how attackers can exploit it to gain unauthorized access to files and directories. We then dive into the different techniques that can be used to exploit path traversal, including manipulating file paths and using encoding techniques. To prevent these attacks, we discuss several best practices, such as input validation and path normalization. Finally, we provide examples of more secure code and discuss how developers can implement these practices to strengthen their application's defenses against path traversal attacks. Whether you're a developer, a security professional, or just interested in learning more about cyber-security, this article provides valuable insights into one of the most common types of web application vulnerabilities.
User and entity behavior analytics: building an effective solution (Yolanta Beresna)
This presentation provides an overview of the UEBA space and gives insights into the core components of an effective solution, such as relevant Threat and Attack Scenarios, Data Sources, and various Analytic techniques. This was presented during an ISSA-UK chapter meeting.
Database-as-a-service (DBaaS) is a cloud computing service model that provides users with some form of access to a database without the need for setting up physical hardware, installing software or configuring for performance. All of the administrative tasks and maintenance are taken care of by the service provider, and all the user or application owner needs to do is use the database. The outsourcing of data can lead to confidentiality and integrity issues and also privilege escalation.
Testing Security and Privacy Requirements
1. .lu software verification & validation (SVV)
Testing Security and Privacy Requirements
Lionel Briand
NASAC 2018, China
2. Context: Web-based, Multi-device Systems
• Include multiple and different devices that manage personal information
• Typical for many services (e.g., personal training, home-banking, music-streaming, etc.)
• Case study: EDLAH2 project, active and assisted living for the elderly
• Multiple attack surfaces, e.g., parameters, URLs, files, programs
3. X-Force Threat Intelligence Index 2017 (https://www.ibm.com/security/xforce/)
Share of attacks by category (chart on the slide; category labels truncated as shown there):
• Code Injection: 42%
• Manipulated data…: 32%
• Collect and analyze…: 9%
• Indicator: 4%
• Employ…: 3%
• Manipulate system…: 3%
• Subvert access…: 3%
• Abuse existing…: 2%
• Engage in…: 2%
More than 40% of all attacks were injection attacks (e.g., SQLi)
4. Challenges
• Capture security and privacy requirements
  • Both properties to preserve (e.g., confidentiality of personal data) and possible attacks to be prevented
  • Structured and precise, e.g., to enable compliance analysis and test automation
  • Coherent with functional requirements elicitation practice (i.e., use case-driven in EDLAH2)
• Ensure, in a verifiable manner, that security and privacy requirements have been properly implemented
  • Usually based on manual testing, which is error prone and time consuming
5. Research Objectives
• Define a method for capturing security requirements in a form that is both practical and amenable to test automation
• Define an automated testing methodology to ensure the compliance of the software with its security requirements
7. Objectives
• Security requirements should be “usable” by all stakeholders
  • Technical and, to some extent, non-technical roles
  • Technical roles: IT people who cannot handle formal representations
• Security requirements should be integrated with functional requirements (Use Cases)
• Security requirements should be automatically analyzable for multiple purposes, e.g., automated security testing
9. EDLAH2 misuse case diagram (figure; the elements recoverable from the slide are listed)
• Actors: Patient, Family Member
• Use cases: Access Discussion Boards, Provide Health Data, Get Fitter by Walking, Monitor Patient Progress, Configure Patient Tablet, Login, View Patient Information
• Malicious actors: Malicious User, Malicious App
• Misuse cases: Bypass Authorization Schema, Collect Credentials, Extract Data From Insecure Data Storage, Get Access with SQLi
• Security use case: Validate Data Access Rights
• Relationship stereotypes shown: «threaten» (three edges, misuse case to use case), «include», «mitigate» (security use case to misuse case)
10. RMCM Misuse Case Template
• Based on RUCM [Yue’13], a template for capturing use case specifications
• Restriction rules to avoid ambiguity
• Keywords to enable precise natural language processing (NLP)
• Compliance checked with NLP
• Not originally designed for security and privacy
• Extension: Restricted Misuse Case Modeling (RMCM)
11. A Generic Example of Misuse Case Specification Header
MISUSE CASE: Bypass Authorization Schema
Description: The MALICIOUS user accesses resources that are dedicated to a user with a different role.
Precondition: The MALICIOUS user has access to one or more accounts on the system and a list of resources (URLs) that she should not be able to access with these accounts.
Primary Actor: MALICIOUS user
Threats: Monitor Patient Progress, View Patient Information, Configure Patient Tablet
Assets: Client DATA
12. A Generic Example Misuse Case Specification Header (annotated)
The same header as on slide 11, with two callouts: the MALICIOUS keyword indicates a malicious actor, and the DATA keyword indicates security-sensitive data.
13. Example Misuse Case Specification Flows
Basic Threat Flow:
1. FOREACH role
2. The MALICIOUS user SENDS username and password TO the system through the login page
3. FOREACH resource
4. The MALICIOUS user REQUESTS the resource FROM the system.
5. The system SENDS a response page TO the MALICIOUS user.
6. The MALICIOUS user EXPLOITS the system using the response page.
7. ENDFOR
8. ENDFOR
Postcondition: The MALICIOUS user has accessed a resource dedicated to another user with a different role.
Specific Alternative Threat Flow (SATF1)
RFS 4
1. IF the URL includes a role parameter THEN
2. The MALICIOUS user updates the role value with his role
3. RESUME STEP 5.
…
• Callout on the Basic Threat Flow: nominal scenario for a malicious actor to successfully harm the system
14. Example Misuse Case Specification Flows (annotated)
The same Basic Threat Flow and SATF1 as on slide 13, with callouts marking:
• Control flow (the FOREACH/ENDFOR, IF … THEN and RESUME STEP keywords)
• Input and output steps (SENDS … TO and REQUESTS … FROM)
• Exploit information exposed in error or exception messages (the EXPLOITS step)
• Unwanted impact on asset (the postcondition)
15. Basic Threat Flow:
1. FOREACH role
2. The MALICIOUS user SENDS username and password TO the system
through the login page
3. FOREACH resource
4. The MALICIOUS user REQUESTS the resource FROM the system.
5. The system SENDS a response page TO the MALICIOUS user.
6. The MALICIOUS user EXPLOITS the system using the response page.
7. ENDFOR
8. ENDFOR
Postcondition: The MALICIOUS user has accessed a resource dedicated
to another user with different role
Specific Alternative Threat Flow (SATF1)
RFS 4
1. IF the URL includes a role parameter THEN
2. The MALICIOUS user updates the role value with his role
3. RESUME STEP 5.
...
Alternative attack scenario:
includes the keyword ‘Threat’
Example Misuse Case Specification Flows
Specific alternative threat flow branching from
step 4 in basic threat flow
16. Basic Threat Flow:
1. FOREACH role
2. The MALICIOUS user SENDS username and password TO the system
through the login page
3. FOREACH resource
4. The MALICIOUS user REQUESTS the resource FROM the system.
5. The system SENDS a response page TO the MALICIOUS user.
6. The MALICIOUS user EXPLOITS the system using the response page.
7. ENDFOR
8. ENDFOR
Postcondition: The MALICIOUS user has accessed a resource dedicated
to another user with different role
Specific Alternative Flow (SAF1)
RFS 5
1. IF the response page contains an error message THEN
2. RESUME STEP 7.
3. ENDIF.
Postcondition: The MALICIOUS user cannot access the resource
Failed attack scenario:
‘Alternative Flow’ used instead of
‘Alternative Threat Flow’.
Alternative flows always begin with a conditional
statement: simplify the identification of the
conditions that trigger the alternative behavior.
Example Misuse Case Specification Flows
17. Security Use Case Specification
SECURITY USE CASE: Validate Data Access Rights
Description: The system verifies if the access to the data of a certain patient
can be granted to a given user.
Precondition: A user has requested patient DATA
Compliance: ISO/IEC 27001:2013 clause A.9.4
Mitigate: Bypass Authorization Schema
Basic Flow
1. The system VALIDATES THAT the user is a carer.
2. The system VALIDATES THAT the user belongs to the
group of carers of the patient.
3. The system SENDS the requested data TO the user.
Postcondition: The DATA access is granted.
Specific Alternative Flow (SAF2):
RFS 1
1. ABORT.
Postcondition: Patient DATA access is denied.
Notes:
• 'Mitigate' names the misuse case(s) this security use case is a countermeasure for.
• The basic flow lists the steps performed to mitigate the attacks described in the
misuse cases. Steps 1 and 2 are check conditions (VALIDATES THAT). SAF2 branches from
step 1 (RFS 1) and covers the case where the condition is violated, i.e., the user is
not a carer: the flow ABORTs and DATA access is denied.
• 'Compliance' gives traceability to provisions in standards (ISO/IEC 27001:2013
Annex A.9.4 covers system and application access control).
21. Automated Generation of Executable Test Cases
Security requirements are captured in two kinds of specifications, and each drives a
kind of testing:
• Misuse Case Specifications drive Security Vulnerability Testing, which addresses the
identification of system vulnerabilities.
• Security Use Case Specifications drive Security Functional Testing, which validates
whether the specified security properties are implemented correctly.
Executable test cases are generated automatically from the security requirements
[Wang'15, Wang'18].
Benefits of automated generation:
• Automated generation reduces development costs
• Ensures coverage and traceability
Focus on security vulnerability testing in this presentation.
23. Example Misuse Case Specification
(2 flows)
Basic Threat Flow:
1. FOREACH role
2. The MALICIOUS user sends username and password to the system
through the login page
3. FOREACH resource
4. The MALICIOUS user requests the resource from the system
5. The system sends a response page to the MALICIOUS user
6. The MALICIOUS user EXPLOITS the system using the response page
7. ENDFOR
8. ENDFOR
Postcondition: The MALICIOUS user has executed a function
dedicated to another user with different role
Specific Alternative Flow (SAF1)
RFS 5
1. IF the response page contains an error message THEN
2. RESUME STEP 7
3. ENDIF
Postcondition: The MALICIOUS user cannot access the resource
24. Natural Language and Test Generation
• Identify input entities (e.g., 'role', 'password'), input relationships (e.g., each
'username' is associated with a 'role'), and values to be assigned to input
entities.
• Identify the instructions (e.g., API calls) that perform the operations
indicated in the use case specification steps.
• Generate oracles/verdicts from conditional sentences describing when the
attack is successful.
In the excerpt below, 'role', 'username' and 'password' are input entities, SENDS
and REQUESTS are the operations, and the IF line is the conditional sentence the
oracle is derived from:
Basic Threat Flow:
1. FOREACH role
2. The MALICIOUS user SENDS username and password TO the system
through the login page
3. FOREACH resource
4. The MALICIOUS user REQUESTS the resource FROM the system.
..
1. IF the response page contains an error message THEN
25. Working Assumptions
• RMCM is applied
• A test driver API is available
• API operations and parameters are "textually similar" to phrases in the use
case specifications
• Natural language processing techniques (i.e., semantic role labeling)
are accurate at identifying methods to call, inputs, …
Example: the step "The MALICIOUS user sends username and password to the system"
is mapped onto the test driver operation System::send(String page, Dictionary parameters).
The subject of the sentence (the MALICIOUS user) is the caller of the method, the verb
(sends) identifies the method to call, the objects (username and password) become the
parameters, and the destination (the system) is the instance on which the method is
invoked:
parameters["passwd"] = role["password"]
parameters["user"] = role["username"]
system.send("login page", parameters)
26. Expected Generated Code
arguments = {}
for role in input["role"]:
    # for every role configured on the system, log in as a user with that role
    arguments["password"] = role["password"]
    arguments["username"] = role["username"]
    system.send("login page", arguments)
    for resource in role["resource"]:
        # request a resource that is not available to a user with that role
        system.request(resource)
        responsePage = system.responsePage
        if not responsePage.contain(resource["error_message"]):
            # no error message: the resource was accessed, the attacker exploits
            # the vulnerability and the test case fails
            maliciousUser.exploit()
        else:
            # the attacker cannot access the resource and the test case passes
            maliciousUser.abort("malicious user cannot access resource")
Generated code includes input processing, variable declarations, cycles, conditions,
method calls, assignments and oracles.
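The generated test above, made runnable against a stand-in system. This is an added example, not code from the slides or from the MCP tool: the System class, its ACCOUNTS and POLICY tables, the INPUTS dictionary and the with_own_role helper are constructed for the example. Only the loop structure and the oracle follow the generated code; SATF1 (rewriting the role parameter in the URL) is applied at the request step, and SAF1 (an error message in the response) ends the attempt on that resource.

```python
"""Bypass Authorization Schema: the generated test, runnable against a stand-in system."""
from urllib.parse import parse_qs, urlencode, urlparse, urlunparse

# Constructed test inputs in the shape of Inputs.json: one account per role and,
# for each role, the resources (URLs) a user with that role must NOT be able to reach.
INPUTS = {
    "role": [
        {"name": "patient", "username": "alice", "password": "pw-alice",
         "resource": [
             {"url": "/patients/42/progress?role=carer", "error_message": "403 Forbidden"},
             {"url": "/admin/tablet/config", "error_message": "403 Forbidden"},
         ]},
        {"name": "carer", "username": "bob", "password": "pw-bob",
         "resource": [
             {"url": "/admin/tablet/config", "error_message": "403 Forbidden"},
         ]},
    ]
}

# The stand-in system's own accounts and access-control policy (constructed).
ACCOUNTS = {"alice": ("pw-alice", "patient"), "bob": ("pw-bob", "carer")}
POLICY = {"/patients/42/progress": {"carer"}, "/admin/tablet/config": {"admin"}}


class System:
    """Hypothetical web application under test, exposing the send/request/responsePage
    shape used by the generated code.  With trust_role_param=True it has the flaw SATF1
    probes for: a request is authorised when the role named in the URL matches the
    logged-in role.  With False only the POLICY table decides."""

    def __init__(self, trust_role_param):
        self.trust_role_param = trust_role_param
        self.session_role = None
        self.responsePage = ""

    def send(self, page, arguments):
        # Only the login page exists in this stand-in; it sets the session role.
        password, role = ACCOUNTS.get(arguments["username"], (None, None))
        self.session_role = role if password == arguments["password"] else None
        self.responsePage = "welcome" if self.session_role else "401 Unauthorized"

    def request(self, url):
        parts = urlparse(url)
        url_role = parse_qs(parts.query).get("role", [None])[0]
        if self.trust_role_param and url_role is not None:
            granted = url_role == self.session_role        # bug: client-controlled check
        else:
            granted = self.session_role in POLICY.get(parts.path, set())
        self.responsePage = f"<page>{parts.path}</page>" if granted else "403 Forbidden"


def with_own_role(url, role):
    """SATF1: if the URL includes a role parameter, set it to the attacker's own role."""
    parts = urlparse(url)
    params = parse_qs(parts.query)
    if "role" not in params:
        return url
    params["role"] = [role]
    return urlunparse(parts._replace(query=urlencode(params, doseq=True)))


def bypass_authorization_test(system, inputs=INPUTS):
    """Basic threat flow with SATF1 and SAF1.  Returns the (role, url) pairs the attacker
    reached; an empty list means the system passed this vulnerability test."""
    exploited = []
    for role in inputs["role"]:                                   # 1. FOREACH role
        arguments = {"username": role["username"], "password": role["password"]}
        system.send("login page", arguments)                      # 2. SENDS credentials
        for resource in role["resource"]:                         # 3. FOREACH resource
            url = with_own_role(resource["url"], role["name"])    # SATF1 (RFS 4)
            system.request(url)                                   # 4. REQUESTS the resource
            response_page = system.responsePage                   # 5. response page
            if resource["error_message"] in response_page:        # SAF1: attack failed
                continue
            exploited.append((role["name"], url))                 # 6. EXPLOITS: test fails
    return exploited


if __name__ == "__main__":
    print("vulnerable system:", bypass_authorization_test(System(trust_role_param=True)))
    print("hardened system:  ", bypass_authorization_test(System(trust_role_param=False)))
```

The vulnerable configuration lets the patient account reach the carer-only progress page once the role parameter is rewritten; the hardened configuration ignores the parameter and consults the policy, so the list of exploited resources is empty and a legitimate carer still gets the page.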
28. MCP
Tool: https://sntsvv.github.io/MCP/
Inputs: misuse case specifications in natural language (e.g., Bypass Authorization,
Step 1: …, Step 2: …) and a test driver API provided by MCP (possibly extended by
engineers).
Phase 1: Map the test driver API to the MCP ontology.
(A) Initial ontology provided by MCP, modelling programming-language concepts
(Class, Method, Attribute).
(B) Ontology including information about the test driver API, e.g., the classes
HttpTest and System and the method send.
Phase 2: Generate Misuse Case Models.
(C) Misuse case model capturing the control flow between steps (Step 1, Step 3,
Step 5, …).
Phase 3: Identify Test Inputs.
(D) Ontology updated with individuals capturing the relations between inputs, e.g.,
a Dictionary 'inputs' with the keys role, username and password.
(E) Test input files (Inputs.json).
Phase 4: Generate Executable Test Cases.
(F) Ontology updated with information about the instance variables in the scope of
test case lines, e.g., the variable 'system' of class System and 'this' of class
BPA within a scope.
(G) Executable test cases, e.g., reuseInvitation.py, guessUserAccount.py,
bypassAuthorization.py.
29. Step 3.1: Identify input entities
Basic Threat Flow:
1. FOREACH role
2. The MALICIOUS user SENDS
username and password TO
the system through the login page
3. FOREACH resource
4. The MALICIOUS user REQUESTS
the resource FROM the system.
..
6. IF the response page contains an
error message THEN
• Determine which sentences
describe activities where inputs
are provided to the system
• Determine which phrases are
the inputs
• Rely on Semantic Role Labeling
• Inputs are the terms affected by
the verb (i.e., the items
provided by an actor to the
system)
31. Semantic Role Labeling (SRL)
SRL automatically determines the semantic roles of phrases in sentences. In
"The MALICIOUS user sends the username to the system", 'The MALICIOUS user' is
the actor performing the activity, 'sends' is the verb, 'the username' is the
actor affected by the activity, and 'the system' is the destination.
In an input sentence, when the destination is the system,
the input is the actor affected by the activity.
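The extraction rule of slides 24 to 32, applied to the steps shown there. This is an added example, not code from the slides or from MCP: it is a pattern matcher over the restricted RMCM grammar (SENDS ... TO, REQUESTS ... FROM, IF ... THEN, FOREACH/ENDFOR, RESUME STEP), not the semantic role labelling the approach relies on, and the test-driver names it emits (system.send, system.request, system.responsePage, inputs) are assumed. The rule it applies is the one on the slide: in an input sentence whose destination is the system, the inputs are the entities affected by the verb.

```python
"""Extract inputs, operations and oracle conditions from RMCM misuse-case steps."""
import re

NUMBERING = re.compile(r"^\d+\.\s*")
ACTOR = r"The (?P<actor>(?:[A-Z]+ )?user|system)"
DEST = r"the (?P<dest>(?:[A-Z]+ )?[a-z]+)"
PATTERNS = {
    "SENDS": re.compile(rf"^{ACTOR} SENDS (?P<what>.+?) TO {DEST}(?: through the (?P<via>.+?))?\.?$"),
    "REQUESTS": re.compile(rf"^{ACTOR} REQUESTS (?P<what>.+?) FROM {DEST}\.?$"),
    "EXPLOITS": re.compile(rf"^{ACTOR} EXPLOITS the (?P<dest>system) using (?P<what>.+?)\.?$"),
    "IF": re.compile(r"^IF (?P<cond>.+?) THEN$"),
    "FOREACH": re.compile(r"^FOREACH (?P<var>\w+)$"),
    "RESUME": re.compile(r"^RESUME STEP (?P<step>\d+)\.?$"),
    "ENDFOR": re.compile(r"^ENDFOR\.?$"),
    "ENDIF": re.compile(r"^ENDIF\.?$"),
}
CONTROL = {"FOREACH", "ENDFOR", "RESUME", "ENDIF"}


def entities(phrase):
    """'username and password' -> ['username', 'password']; 'the resource' -> ['resource']."""
    parts = [p.strip() for p in re.split(r",| and ", phrase)]
    return [re.sub(r"^(?:the|a|an) ", "", p) for p in parts if p]


def parse_step(line):
    """Return a dict with the step kind, its phrases and its role in test generation:
    'input' (entities sent to the system), 'output' (entities the system sends back),
    'oracle' (conditional sentence), 'control' (loops/branches) or 'impact'."""
    text = NUMBERING.sub("", line.strip())
    for kind, pattern in PATTERNS.items():
        m = pattern.match(text)
        if not m:
            continue
        step = {"kind": kind, **{k: v for k, v in m.groupdict().items() if v is not None}}
        if kind in CONTROL:
            step["role"] = "control"
        elif kind == "IF":
            step["role"] = "oracle"
        elif kind == "EXPLOITS":
            step["role"] = "impact"
        elif step["dest"] == "system":          # rule from the slides: the destination is
            step["role"] = "input"               # the system, so the affected entities are inputs
            step["inputs"] = entities(step["what"])
        else:
            step["role"] = "output"
            step["outputs"] = entities(step["what"])
        return step
    raise ValueError(f"not a recognised RMCM step: {line!r}")


def to_api_call(step):
    """Map a parsed step onto a test-driver statement (driver names are assumed)."""
    if step["kind"] == "FOREACH":
        return f'for {step["var"]} in inputs["{step["var"]}"]:'
    if step["kind"] == "SENDS" and step["role"] == "input":
        args = ", ".join(f'"{e}": role["{e}"]' for e in step["inputs"])
        return f'system.send("{step.get("via", "")}", {{{args}}})'
    if step["kind"] == "REQUESTS":
        return f'system.request({step["inputs"][0]})'
    if step["kind"] == "SENDS":                  # the system sends something back
        return "responsePage = system.responsePage"
    if step["kind"] == "IF":
        return f'if <{step["cond"]}>:'           # oracle predicate, to be bound to the response API
    return None


if __name__ == "__main__":
    for line in ["1. FOREACH role",
                 "2. The MALICIOUS user SENDS username and password TO the system through the login page",
                 "4. The MALICIOUS user REQUESTS the resource FROM the system.",
                 "5. The system SENDS a response page TO the MALICIOUS user.",
                 "1. IF the response page contains an error message THEN"]:
        step = parse_step(line)
        print(step["role"], "|", to_api_call(step))
```

The step that the system performs ("The system SENDS a response page TO the MALICIOUS user") is classified as an output step because its destination is not the system, which is what makes the response page available to the oracle derived from the IF sentence.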
33. Step 3.4: Input values are automatically generated
when an attack-specific keyword appears in the
use case specifications
MISUSE CASE: Get default credentials
Basic Threat Flow
1. DO
2. The MALICIOUS user SENDS AUTHENTICATION VALUES TO the system
through the login page in the username and password fields of the login page.
3. The system SENDS the response page TO the MALICIOUS user
4. …
Postcondition: The MALICIOUS user has been logged into the system by using a
default credential
…..
Each keyword (here AUTHENTICATION VALUES) matches an input generation strategy
• Inputs are generated by an expert or automatically (preferably)
• We have conducted research on test input generation strategies for standard
attacks, e.g., XML injections
37. Security Mechanisms in Front-end
Web Applications
• Input Validation: rejects inputs
containing malicious characters
(e.g., <)
• Input Sanitization: converts
malicious inputs to valid ones
(e.g., deleting XML tags)
• Other transformations: domain
specific transformations (e.g.,
JSON to XML, calculating age)
The front-end applies these mechanisms to the input strings before building the
XML messages it sends on.
38. Testing of the Front-end WAs
Does the front-end system (SUT) allow the
generation of XML injection attacks?
YES: the front-end is vulnerable
NO: the front-end is secure
39. Testing of the Front-end WAs
Step 1: Create malicious XML messages
Step 2: Verify whether the SUT can generate them, i.e., search for an
input string that makes the SUT produce the malicious XML message
Malicious XML message:
<user>
<username>Tom</username>
<password>m1U9q10</password>
<role>user</role>
<mail>role=Adm+ tom@uni.lu</mail>
</user>
40. Generating Malicious Messages
Grammar-based Generation: automatically generating malicious
messages from legitimate messages for different types of XML
injection attacks
Our tool SOLMI (ISSTA'16)
The XML message on the previous slide is an example of a message generated by SOLMI.
41. Searching for Input Strings
Malicious XML message, with the candidate input string (the value of the mail
field) to be found:
<user>
<username>Tom</username>
<password>m1U9q10</password>
<role>user</role>
<mail>role=Adm+ tom@uni.lu</mail>
</user>
• The front-end web application (SUT) is a black-box
• The search space is huge: all possible input strings (I1, .., In)
• Genetic algorithms
42. Searching for Input Strings
The genetic algorithm iterates evaluation, selection, crossover and mutation:
• A candidate solution is a set of input strings for the form fields (e.g., Usr: Tom,
Psw: m1U9q10, Email: "role=Adm" + tom@uni.lu); the initial solutions are random
strings.
• Evaluation: each candidate is submitted to the SUT, the XML message the SUT produces
is compared with the target malicious XML message, and the edit distance between the
two is the fitness to minimise.
• Selection, crossover and mutation produce changed input strings (e.g., Email:
"role=…" + tom@uni.lu), which are submitted again to obtain new XML messages.
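The search loop of slides 41 to 44 against two constructed front-ends, with the slide's malicious XML message as the test objective. This is an added example, not the authors' tool (SOLMI or the search-based generator): the two front-end functions, the mail-validation rule and the GA settings are constructed here. The fitness is the edit distance between the XML the front-end emits and the target XML, as on the slides; one simplification, so the run stays short, is that mutation draws characters from the alphabet of the target message (which the tester knows) rather than from all of printable ASCII.

```python
"""Search-based generation of XML injection inputs against a black-box front-end."""
import random
import re

USERNAME, PASSWORD = "Tom", "m1U9q10"   # fixed form fields, as on the slide

# Test objective: the malicious XML message shown on the slides (constructed copy),
# which the search tries to make the front-end produce.
TARGET = ("<user><username>Tom</username><password>m1U9q10</password>"
          "<role>user</role><mail>role=Adm+ tom@uni.lu</mail></user>")
ALPHABET = sorted(set(TARGET))          # the tester knows the target: mutate with its characters


def insecure_front_end(username, password, mail):
    """Constructed SUT 1: embeds the form fields in the message unchanged."""
    return (f"<user><username>{username}</username><password>{password}</password>"
            f"<role>user</role><mail>{mail}</mail></user>")


MAIL_OK = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")


def hardened_front_end(username, password, mail):
    """Constructed SUT 2: input validation rejects a mail field that is not an address."""
    if not MAIL_OK.match(mail):
        return "<error>invalid mail address</error>"
    return insecure_front_end(username, password, mail)


def edit_distance(a, b):
    """Levenshtein distance; a common prefix/suffix is stripped first (distance-preserving)."""
    i = 0
    while i < len(a) and i < len(b) and a[i] == b[i]:
        i += 1
    a, b = a[i:], b[i:]
    j = 0
    while j < len(a) and j < len(b) and a[-1 - j] == b[-1 - j]:
        j += 1
    if j:
        a, b = a[:-j], b[:-j]
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def search(front_end, target=TARGET, budget=40000, pop_size=20, seed=1):
    """Genetic search for a mail string that makes front_end emit target.
    Returns (best_mail, distance); distance 0 means the SUT can generate the
    malicious message, i.e. the front-end is vulnerable."""
    rng = random.Random(seed)
    evals = 0

    def fitness(mail):                    # evaluation: edit distance SUT output vs target
        nonlocal evals
        evals += 1
        return edit_distance(front_end(USERNAME, PASSWORD, mail), target)

    def mutate(s):                        # one random replace / delete / insert
        op, pos = rng.randrange(3), rng.randrange(len(s) + 1)
        if op == 0 and s:
            pos = min(pos, len(s) - 1)
            return s[:pos] + rng.choice(ALPHABET) + s[pos + 1:]
        if op == 1 and s:
            pos = min(pos, len(s) - 1)
            return s[:pos] + s[pos + 1:]
        return s[:pos] + rng.choice(ALPHABET) + s[pos:]

    def crossover(a, b):                  # one-point crossover on variable-length strings
        return a[:rng.randrange(len(a) + 1)] + b[rng.randrange(len(b) + 1):]

    def select(scored):                   # tournament selection, size 3
        return min(rng.sample(scored, 3), key=lambda t: t[1])[0]

    population = ["".join(rng.choice(ALPHABET) for _ in range(rng.randint(1, 12)))
                  for _ in range(pop_size)]
    scored = sorted(((s, fitness(s)) for s in population), key=lambda t: t[1])
    while scored[0][1] > 0 and evals < budget:
        children = [select(scored) for _ in range(pop_size - 2)]
        children = [crossover(c, select(scored)) if rng.random() < 0.5 else c for c in children]
        children = [mutate(c) for c in children]
        scored = scored[:2] + [(c, fitness(c)) for c in children]   # elitism: keep the two best
        scored.sort(key=lambda t: t[1])
    return scored[0]


if __name__ == "__main__":
    print("insecure front-end:", search(insecure_front_end))
    print("hardened front-end:", search(hardened_front_end, budget=2000))
```

With the insecure front-end the search reaches distance 0 and returns the mail string that reproduces the malicious message. With the hardened front-end every candidate containing the '=' or the space of the target is rejected, so the best distance stays above 0 and the front-end is judged secure for this test objective.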
45. Results
(TO: test objective, i.e., a malicious XML message to be generated)
Application              % TO coverage   % TO coverage   Avg. exec. time per TO
                         (search)        (random)        (min-max) in mins
SBANK (Insecure)         100             0               10-31
SSBANK (Secure)          36.73           0               11-25
XMLMao (open source)     100             0               5-7
M (Industrial App)       25              0               32
Note: Each experiment was repeated 10 times to account for randomness.
48. Objectives & Strategy
• Oracle for vulnerability testing (e.g., are SQL injection
attacks successful?)
• Can also be used as a database firewall
• Use of machine learning (unsupervised)
• Clustering: model of legitimate SQL statements
• Detection of SQL injections: are SQL statements clearly
distinct from the model of legitimate statements?
49. Detecting SQL Injection Attacks
Phase 1: Training to model legitimate statements
Legitimate SQL execution logs → Parsing → Pruning → Edit Distance → Clustering
Phase 2: Detection of SQL injections
SQL statements from security testing logs → Parsing → Pruning → comparison (edit
distance) with the clusters of legitimate statements learned in phase 1
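The two phases above on constructed log lines. This is an added example, not the SOFIA oracle: the tokeniser, the pruning of literals into placeholders, the treatment of each distinct pruned skeleton as one cluster and the fixed distance threshold are simplifications of the published approach, and both sets of SQL statements are constructed for the example.

```python
"""Two-phase detection of SQL injections from execution logs (edit distance + clustering)."""
import re

TOKEN = re.compile(r"'(?:[^']|'')*'|\d+(?:\.\d+)?|[A-Za-z_]\w*|<>|<=|>=|!=|--[^\n]*|\S")

# Constructed legitimate execution logs (phase 1) ...
LEGITIMATE_LOGS = [
    "SELECT id, name FROM users WHERE name = 'alice' AND pwd = 'x1'",
    "SELECT id, name FROM users WHERE name = 'bob' AND pwd = 'hunter2'",
    "SELECT * FROM orders WHERE user_id = 42 AND status = 'open'",
    "SELECT * FROM orders WHERE user_id = 7 AND status = 'shipped'",
    "UPDATE users SET last_login = '2018-11-23' WHERE id = 7",
]
# ... and constructed security-testing logs (phase 2): one legitimate statement and
# three statements produced by injection attempts (tautology, comment-out, UNION).
SECURITY_TESTING_LOGS = [
    "SELECT id, name FROM users WHERE name = 'carol' AND pwd = 'pw'",
    "SELECT id, name FROM users WHERE name = '' OR '1'='1' AND pwd = 'pw'",
    "SELECT id, name FROM users WHERE name = 'x' OR 1=1 --' AND pwd = 'pw'",
    "SELECT * FROM orders WHERE user_id = 42 UNION SELECT name, pwd FROM users --  AND status = 'open'",
]


def parse_and_prune(sql):
    """Parsing + pruning: tokenise, then replace the user data (string and number
    literals) by placeholders so that only the statement's structure remains."""
    skeleton = []
    for tok in TOKEN.findall(sql):
        if tok.startswith("'"):
            skeleton.append("STR")
        elif tok[0].isdigit():
            skeleton.append("NUM")
        elif tok.startswith("--"):
            skeleton.append("COMMENT")
        else:
            skeleton.append(tok.upper())
    return tuple(skeleton)


def token_distance(a, b):
    """Edit distance between two token sequences."""
    prev = list(range(len(b) + 1))
    for i, ta in enumerate(a, 1):
        cur = [i]
        for j, tb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ta != tb)))
        prev = cur
    return prev[-1]


def train(legitimate_logs):
    """Phase 1: the model is the set of clusters of legitimate statements.  Statements
    that differ only in their literals have distance 0 after pruning, so each distinct
    skeleton is one cluster and serves as its representative."""
    return sorted(set(parse_and_prune(s) for s in legitimate_logs))


def classify(sql, model, threshold=1):
    """Phase 2: distance from the statement's skeleton to the nearest cluster.  A
    distance above the threshold means the statement is clearly distinct from the
    legitimate ones and is flagged as an injection."""
    skeleton = parse_and_prune(sql)
    distance = min(token_distance(skeleton, rep) for rep in model)
    return distance > threshold, distance


if __name__ == "__main__":
    model = train(LEGITIMATE_LOGS)
    for stmt in SECURITY_TESTING_LOGS:
        flagged, distance = classify(stmt, model)
        print("INJECTION " if flagged else "legitimate", distance, stmt)
```

The legitimate test statement differs from the training data only in its literals and lands at distance 0; the tautology inserts four structural tokens (OR STR = STR) and the comment-out and UNION variants move even further from every cluster, which is what the oracle keys on.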
52. Results
• Perfect recall: we catch all malicious SQL statements
• Low false positive rate: very few legitimate statements get
flagged as malicious (~0.1%)
54. Requirements-Driven Testing
• Security and privacy requirements expressed as restricted
use case specifications plus keywords.
• Trade-off between free-form, natural language requirements
and analyzable requirements.
• Requirements-driven security testing to generate complex
attack scenarios is automated.
• Explicit testing rationale and traceability useful in the
context of required and verifiable compliance with standards
and regulations
55. Generating Test Input Data
•Test input generation => standard attack generation
(e.g., SQLi)
•Re-express the attack generation problem as a search
problem, using evolutionary computing
•Common challenge: Effective way to assess how close
we are to a successful attack and to detect successful
attacks automatically
56. Artificial Intelligence is Key
A number of key AI technologies are recurring in many
automated solutions for security testing:
•Natural Language Processing, e.g., SRL
•Machine learning, e.g., cluster analysis
•Evolutionary computing, e.g., genetic algorithms
58. References
• Mai et al., "Modeling Security and Privacy Requirements: a Use Case-Driven Approach", Information and Software Technology (IST, Elsevier), 2018
• Mai et al., "A Natural Language Programming Approach for Requirements-based Security Testing", ISSRE 2018
• C. Wang et al., "Automatic Generation of System Test Cases from Use Case Specifications", ISSTA 2015
• C. Wang et al., "Automated Generation of Constraints from Use Case Specifications to Support System Testing", ICST 2018
• T. Yue et al., "Facilitating the transition from use case models to analysis models: Approach and experiments", ACM TOSEM 2013
• Jan et al., "Automatic Generation of Tests to Exploit XML Injection Vulnerabilities in Web Applications", IEEE Transactions on Software Engineering (TSE), 2018
• Appelt et al., "A Machine Learning-Driven Evolutionary Approach for Testing Web Application Firewalls", IEEE Transactions on Reliability (TR), 2018
• Appelt et al., "Automatically Repairing Web Application Firewalls Based on Successful SQL Injection Attacks", 28th IEEE International Symposium on Software Reliability Engineering (ISSRE 2017)
• Jan et al., "Search-based Testing Approach for XML Injection Vulnerabilities in Web Applications", 10th IEEE International Conference on Software Testing, Verification and Validation (ICST 2017)
• Jan et al., "Automated and Effective Testing of Web Services for XML Injection Attacks", International Symposium on Software Testing and Analysis (ISSTA 2016)
• Ceccato et al., "SOFIA: An Automated Security Oracle for Black-Box Testing of SQL-Injection Vulnerabilities", 31st IEEE/ACM International Conference on Automated Software Engineering (ASE 2016)
• Jan et al., "Known XML Vulnerabilities Are Still a Threat to Popular Parsers and Open Source Systems", IEEE International Conference on Software Quality, Reliability and Security (QRS 2015)
• Appelt et al., "Behind an Application Firewall, Are We Safe from SQL Injection Attacks?", 8th IEEE International Conference on Software Testing, Verification and Validation (ICST 2015)
• Appelt et al., "Automated Testing for SQL Injection Vulnerabilities: An Input Mutation Approach", International Symposium on Software Testing and Analysis (ISSTA 2014)
61. Testing Security and Privacy Requirements
Lionel Briand
NASAC 2018, China
Software Verification & Validation Lab (SVV), svv.lu