KIT – University of the State of Baden-Wuerttemberg and National Research Center of the Helmholtz Association
Certifiable Trustworthy IT Systems
www.kit.edu
flickr.com/photos/85638163@N00/4627233065/sizes/l/in/photostream/
SPaCiTE – Web Application Testing Engine
Matthias Büchler, Johan Oudinet, and Alexander Pretschner
April 21, 2012
M. Büchler, J. Oudinet, A. Pretschner2 SPaCiTE – Web Application Testing Engine
Motivation / Purpose of the Tool
Secure Model: M ⊨ φ
Is Web Application Secure?
Web Application
How does a secure model help to answer this question?
Motivation / Purpose of the Tool
Client Side Server Side
Motivation / Purpose of the Tool
SPaCiTE Workflow
How SPaCiTE executes test cases (attack traces) based on secure
models
The Secure Model – Abstract Messages
The Secure Model – Horn Clauses
The Secure Model – The Honest User
The Secure Model – The Server
The Secure Model – Secrecy Goal
Model-Based Flaw Injection Library
<configuration>
  <ACflaw>
    <funcname>isAuthorizedTo*</funcname>
  </ACflaw>
</configuration>
Model Checking
SATMC
CL-ATSE
OFMC
Reuse AVANTSSAR Backends
Abstract Attack Trace
<tom> ->* webServer : login(tom,password(tom,webServer))
webServer -> <tom> : listStaffOf(tom)
<tom> *-> webServer : viewProfileOf(jerry)
webServer *->* <tom> : profileOf(jerry)
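As an added example (not from the slides or from the SPaCiTE tool), the Python sketch below parses the trace above into structured steps, which is the first thing any translation to browser-level actions needs. It assumes the arrows follow the ASLan++ channel notation (`*->` authentic, `->*` confidential, `*->*` secure) and, as a hypothetical reading of the secrecy goal, flags any `profileOf(X)` the server sends to an agent other than X.

```python
import re
from typing import NamedTuple

# Channel arrows. Assumption (the slide does not define them): ASLan++ style,
# '*' on the sender side = authentic, '*' on the receiver side = confidential.
CHANNELS = {"->": "insecure", "*->": "authentic",
            "->*": "confidential", "*->*": "secure"}

STEP = re.compile(r"""
    \s*(?P<snd><?\w+>?)\s*            # sender, possibly printed as <name>
    (?P<arrow>\*?->\*?)\s*            # channel arrow
    (?P<rcv><?\w+>?)\s*:\s*           # receiver
    (?P<func>\w+)\((?P<args>.*)\)\s*$ # abstract message: func(args)
""", re.X)

class Step(NamedTuple):
    sender: str
    receiver: str
    channel: str
    func: str
    args: str

def parse_trace(text):
    """Parse one abstract message per line; reject anything malformed."""
    steps = []
    for line in text.strip().splitlines():
        m = STEP.match(line)
        if m is None:
            raise ValueError(f"unparseable trace step: {line!r}")
        # Angle brackets are stripped; their meaning is not given on the slide.
        steps.append(Step(m["snd"].strip("<>"), m["rcv"].strip("<>"),
                          CHANNELS[m["arrow"]], m["func"], m["args"]))
    return steps

def foreign_profile_disclosures(steps, server="webServer"):
    """Hypothetical check: server returns profileOf(X) to an agent other than X."""
    return [s for s in steps
            if s.sender == server and s.func == "profileOf"
            and s.args != s.receiver]

# The four steps of the slide's trace, one per line.
TRACE = """
<tom> ->* webServer : login(tom,password(tom,webServer))
webServer -> <tom> : listStaffOf(tom)
<tom> *-> webServer : viewProfileOf(jerry)
webServer *->* <tom> : profileOf(jerry)
"""
```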
Transform AAT to WAAL
Configuration Information
How are abstract messages translated into actions
How is a viewProfileOf message generated in the browser?
Transform AAT to WAAL
How are abstract messages translated into actions
Transform AAT to WAAL
Translate WAAL actions to Java source code
Embed them into a test execution engine skeleton
Execution
Execute the test case
Recovery actions might be needed
Example of a Recovery Action
Verdict
Conclusion
Semi-automatic security testing of web applications
  Automatic at browser level
  May request help from a test expert at HTTP level
Interesting abstract attack traces were generated by injecting relevant source code level faults into the model
Relevant fault = a known vulnerability that has been exploited to violate any security goal in the secure model.
We were able to reproduce all 4 Abstract Attack Traces coming from 2 RBAC and 2 XSS models
Future Work
Target different vulnerabilities and security goals
Address side effects during recovery actions
Extend the tool when global observation is not possible
Integration work as part of SPaCiOS EU project
www.spacios.eu
* Demo on request, or visit: http://zvi.ipd.kit.edu/26_500.php
Model-Based Flaw Injection Library
Mutation operators represent vulnerabilities at model level
They combine a security property and a vulnerability
Assumptions and Limitations
Secure model must exist → If not, try to make use of model inference
Each abstract message must be mappable to WAAL actions
  That means every abstract message must be expressed in terms of generating and/or verifying actions at browser level
  That doesn’t imply that the action must be performed in the browser → see Recovery Actions
  → If not, WAAL actions can be bypassed and the abstract message is directly mapped to protocol level messages (no guidance by SPaCiTE)
Used model checker considers the Dolev Yao Model for the intruder behavior
Intruder is the network (Every component must be wrapped by a Proxy to have global observation property)
No side effects during recovery actions
Deterministic system