Automated and Effective Testing of Web Services for XML Injection Attacks
Sadeeq Jan, Cu D. Nguyen, Lionel Briand
Interdisciplinary Centre for Security, Reliability and Trust (SnT), University of Luxembourg
ISSTA’16, The International Symposium on Software Testing and Analysis, Saarland University, Saarbrücken, Germany. July 18-20, 2016
MO_der_meta: Inserts an XML meta-character into the selected element of the input XML message
MO_der_att: Removes a quote from the value of a selected attribute of an element
Type 2, Random closing tags. MO_clo: Adds </test> into the content of a selected XML element of the message
Type 3, Replicating. MO_replica: Replicates an XML element, injects it with new content, and places it at the location right after the selected element
Type 4, Replacing. MO_replace: Replicates an XML element, obtains new content, comments out the selected element, and injects the new one at its location
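An added example (not from the original slides or the authors' tool): the five mutation operators listed above applied to a constructed message, with a record of what a standard XML parser sees afterwards. The first three mutants are rejected as malformed, while the replicated and replaced elements parse cleanly, so a check for well-formedness alone does not flag them. The message, its element names and the NEW_CONTENT value are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample message; element and attribute names are hypothetical.
MESSAGE = '<user id="7"><name>alice</name><role>guest</role></user>'

def _span(msg, tag):  # offsets (start, end) of the first <tag>...</tag> element
    start = msg.index("<" + tag)
    return start, msg.index(f"</{tag}>", start) + len(tag) + 3

def _into_content(msg, tag, text):  # insert text at the start of the element's content
    at = msg.index(">", _span(msg, tag)[0]) + 1
    return msg[:at] + text + msg[at:]

def mo_der_meta(msg, tag, meta="<"):
    return _into_content(msg, tag, meta)

def mo_der_att(msg, attr):  # drop the closing quote of the attribute's value
    close = msg.index('"', msg.index(attr + '="') + len(attr) + 2)
    return msg[:close] + msg[close + 1:]

def mo_clo(msg, tag):
    return _into_content(msg, tag, "</test>")

def mo_replica(msg, tag, new):  # copy with new content, placed right after the original
    end = _span(msg, tag)[1]
    return msg[:end] + f"<{tag}>{new}</{tag}>" + msg[end:]

def mo_replace(msg, tag, new):  # comment out the original, inject the copy in its place
    start, end = _span(msg, tag)
    return msg[:start] + f"<!--{msg[start:end]}--><{tag}>{new}</{tag}>" + msg[end:]

def parsed_view(msg, tag):  # texts of each <tag> the parser sees; None if rejected
    try:
        return [e.text for e in ET.fromstring(msg).iter(tag)]
    except ET.ParseError:
        return None

def run(msg=MESSAGE, new="NEW_CONTENT"):  # new: neutral stand-in for generated content
    mutants = {
        "MO_der_meta": mo_der_meta(msg, "name"),
        "MO_der_att": mo_der_att(msg, "id"),
        "MO_clo": mo_clo(msg, "name"),
        "MO_replica": mo_replica(msg, "role", new),
        "MO_replace": mo_replace(msg, "role", new),
    }
    return {name: parsed_view(m, "role") for name, m in mutants.items()}

if __name__ == "__main__":
    print("\n".join(f"{k:12} parser sees <role>: {v}" for k, v in run().items()))
```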
Injection Grammar
Generate attack strings for elements in XML (e.g. SQL Injection attack strings based on the grammar)
SQL Injection Grammar *
* D. Appelt, C. Nguyen, and L. Briand. Behind an application firewall, are we safe from SQL injection attacks? In Software Testing, Verification and Validation (ICST), 2015 IEEE 8th International Conference on, pages 1–10, April 2015.
Test Generation Process (for Type 3-4)
[Flowchart] Start -> Select Element -> Extract constraints from the XML Schema -> Transform constraints to the Solver’s input language -> Solve Constraints, generate attack string using Constraint Solver -> Mutate Element with the attack string -> Tests Gen. Completed? (No: Select Element; Yes: End)
Data labels in the figure: XML Schema, XML Element, Schema Constraints, Injection Grammar, Attack String, Ti