An optimized attack tree model for security test case planning and generation

Securing software assets through efficient test case management is essential to realizing business goals. Given the substantial risk web applications face from incessant cyberattacks, a proactive risk strategy such as threat modeling is adopted. Threat modeling uses attack trees to identify software vulnerabilities at the earliest phase of software development, which is critical to protecting these applications. Although much research has been devoted to security testing with attack tree models, test case redundancy has been a major problem with this threat modeling technique, leading to poor test coverage and expensive security testing exercises. This paper presents an attack tree modeling algorithm for deriving a minimal set of effective attack vectors required to test a web application for SQL injection vulnerabilities. By leveraging the optimized attack tree algorithm developed in this work, the threat model produces efficient test plans from which adequate test cases are derived to ensure that a secure web application is designed, implemented and deployed. The experimental result shows an average optimization rate of 41.67%, from which 7 test plans and 13 security test cases were designed to mitigate all SQL injection vulnerabilities in the web application under test. A 100% security risk intervention against SQL injection attacks was achieved after applying all security recommendations from the test case execution report.
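
As an added illustration (not code from the paper, whose algorithm is not reproduced on this page), the following Python sketch shows the redundancy problem the abstract refers to: a small attack tree for SQL injection is enumerated into attack vectors, exact duplicates and vectors that strictly contain a cheaper vector are pruned, and an optimization rate is computed as the percentage of enumerated vectors removed. The sample tree, its leaf names, the pruning rule and that definition of the rate are all assumptions made here for illustration; the paper's own tree, criteria and figures (41.67%, 7 plans, 13 test cases) are not derived from this code.

```python
from __future__ import annotations

from dataclasses import dataclass
from itertools import product
from typing import Union


@dataclass(frozen=True)
class Leaf:
    """An atomic attacker action; one leaf becomes one step of a test case."""
    name: str


@dataclass(frozen=True)
class Gate:
    """An intermediate goal. OR: any one child suffices. AND: every child is needed."""
    kind: str
    children: tuple


Node = Union[Leaf, Gate]


def OR(*children: Node) -> Gate:
    return Gate("OR", tuple(children))


def AND(*children: Node) -> Gate:
    return Gate("AND", tuple(children))


def enumerate_vectors(node: Node) -> list[frozenset[str]]:
    """All attack vectors (sets of leaf actions) that realise the node's goal.

    Duplicates are deliberately kept so that the redundancy the tree
    produces is measurable before pruning.
    """
    if isinstance(node, Leaf):
        return [frozenset([node.name])]
    child_vectors = [enumerate_vectors(child) for child in node.children]
    if node.kind == "OR":
        return [vector for vectors in child_vectors for vector in vectors]
    if node.kind == "AND":
        # One vector per combination of one alternative from each child.
        return [frozenset().union(*combo) for combo in product(*child_vectors)]
    raise ValueError(f"unknown gate kind {node.kind!r}")


def minimize_vectors(vectors: list[frozenset[str]]) -> list[frozenset[str]]:
    """Prune redundant vectors.

    Rule (assumed for this illustration): drop exact duplicates, then drop any
    vector that strictly contains another, because the smaller set of steps
    already exercises the same injection point with the same payload.
    """
    distinct = set(vectors)
    minimal = [v for v in distinct if not any(other < v for other in distinct)]
    return sorted(minimal, key=lambda v: sorted(v))


def optimization_rate(raw: int, minimal: int) -> float:
    """Percentage of enumerated vectors removed by pruning (assumed definition)."""
    return round(100.0 * (1 - minimal / raw), 2)


# Constructed sample tree for a web application with a login form and a search
# parameter; the leaf names are illustrative, not taken from the paper.
find_injectable = OR(
    Leaf("probe parameter with a single quote"),
    Leaf("probe parameter with SLEEP(5)"),
)
tautology = Leaf("tautology payload ' OR '1'='1")
union_select = Leaf("UNION SELECT payload")

ROOT = OR(
    AND(Leaf("locate login form"), OR(tautology, Leaf("comment terminator admin'--"))),
    AND(find_injectable, OR(union_select, tautology, Leaf("error-based payload"))),
    AND(find_injectable, union_select, Leaf("time-based payload")),  # superset of a cheaper vector
    AND(find_injectable, tautology),                                  # exact duplicate of vectors above
)


def plan(root: Node = ROOT) -> tuple[int, int, float]:
    """Return (raw vector count, minimal vector count, optimization rate in %)."""
    raw = enumerate_vectors(root)
    minimal = minimize_vectors(raw)
    return len(raw), len(minimal), optimization_rate(len(raw), len(minimal))


if __name__ == "__main__":
    raw_count, minimal_count, rate = plan()
    print(f"{raw_count} enumerated vectors -> {minimal_count} test vectors ({rate}% removed)")
    for vector in minimize_vectors(enumerate_vectors(ROOT)):
        print(" - " + " AND ".join(sorted(vector)))
```

Each surviving vector maps to one security test case (the leaf actions are its steps), and the root-level OR branches play the role of test plans. On this constructed tree the 12 enumerated vectors reduce to 8, a 33.33% reduction; the two pruning rules are separate so a tester can keep the superset vectors when, for example, a time-based payload is meant to exercise a different defence than the UNION payload it extends.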

Bibliographic Details
Main Authors: Omotunde, Habeeb, Ibrahim, Rosziati, Ahmed, Maryam
Format: Article
Language: en
Published: JATIT & LLS, 2018
Subjects: QA71-90 Instruments and machines
Online Access:http://eprints.uthm.edu.my/5534/1/AJ%202018%20%28564%29.pdf
http://eprints.uthm.edu.my/5534/
Citation: Omotunde, Habeeb, Ibrahim, Rosziati and Ahmed, Maryam (2018). An optimized attack tree model for security test case planning and generation. Journal of Theoretical and Applied Information Technology, 96 (17), pp. 5635-5649. ISSN 1817-3195. Peer reviewed.