
Proxy-based State Analysis of Web Applications

Security testing of web applications is normally performed as a semi-automatic black-box test with a large share of human interaction. The aim of this thesis is to develop a tool that captures the manual security test with a proxy. The information gathered during the manual test should be visualized graphically and in a human-understandable way. With predefined patterns, an automated security test is performed on the state-based automaton. One of the main tasks is to identify states and state transitions of web applications and to develop a tool to comprehend and visualize this information. Furthermore, the theoretical and scientific foundations required for this approach are briefly presented and discussed.

Supervisor(s): Marcel Kulicke
Status: finished
Topic: Monitoring (VMI etc.)
Author: Simon Bastian
Submission: 2014-10-15
Type of Thesis: Master's thesis
Proof of Concept: No
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching
