Proxy-based State Analysis of Web Applications
Security testing of web applications is normally performed as a semi-automatic black-box test with a large share of human interaction. The aim of this thesis is to develop a tool that captures the manual security test with a proxy. The information gathered during the manual test should be visualized graphically and in a human-understandable way. Using predefined patterns, an automated security test for the state-based automaton is performed. One of the main tasks is to identify the states and state transitions of web applications and to develop a tool to comprehend and visualize this information. Furthermore, the theoretical and scientific foundations required for this approach are briefly presented and discussed.
Supervisor(s): Marcel Kulicke
Status: finished
Topic: Monitoring (VMI etc.)
Author: Simon Bastian
Submission: 2014-10-15
Type of Thesis: Master's thesis
Proof of Concept: No
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching