Some Modeling Challenges When Testing Rich Internet Applications for Security

Some Modeling Challenges When Testing Rich Internet Applications for Security

Web-based applications are becoming more ubiquitous day by day, and among these applications, a new trend is emerging: rich Internet applications (RIAs), using technologies such as Ajax, Flex, or Silverlight, break away from the traditional approach of Web applications having server-side computation...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Benjamin, Kamara, v. Bochmann, Gregor, Jourdan, Guy-Vincent, Onut, Iosif-Viorel
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Application software
Automatic testing
Data security
formal models
Internet
Protocols
Rendering (computer graphics)
rich Internet applications
software security
Software standards
Software testing
Software tools
Web server
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Web-based applications are becoming more ubiquitous day by day, and among these applications, a new trend is emerging: rich Internet applications (RIAs), using technologies such as Ajax, Flex, or Silverlight, break away from the traditional approach of Web applications having server-side computation and synchronous communications between the web client and servers. RIAs introduce new challenges, new security vulnerabilities, and their behavior makes it difficult or impossible to test with current web-application security scanners. A new model is required to enable automated scanning of RIAs for security. In this paper, we evaluate the shortcomings of current approaches, we elaborate a framework that would permit automated scanning of RIAs, and we provide some directions to address the open problems.
DOI:10.1109/ICSTW.2010.46