Reference : Automated and Effective Security Testing for XML-based Vulnerabilities
Dissertations and theses : Doctoral thesis
Engineering, computing & technology : Computer science
Security, Reliability and Trust
Automated and Effective Security Testing for XML-based Vulnerabilities
Jan, Sadeeq [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC); University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SnT)]
University of Luxembourg, Luxembourg
Docteur en Informatique (Doctor of Computer Science)
Briand, Lionel
Nejati, Shiva
Pastore, Fabrizio
Armando, Alessandro
Gorla, Alessandra
Panichella, Annibale
[en] Security testing ; XML injection ; Search-based software testing
[en] Nowadays, the Extensible Markup Language (XML) is the most commonly used technology in web services for enabling service providers and consumers to exchange data. XML is also widely used to store data and configuration files that control the operation of software systems. Nevertheless, XML processing suffers from several well-known vulnerabilities, such as XML Injection (XMLi). Exploitation of these vulnerabilities can have serious consequences, e.g., denial of service and unauthorized access to or modification of highly confidential data. Fuzz testing techniques have been investigated in the literature to detect XMLi vulnerabilities. However, their success rate tends to be very low, since they cannot generate the complex test inputs required to detect these vulnerabilities. Furthermore, these approaches are not effective for real-world, complex XML-based enterprise systems, which are composed of several components, including front-end web applications, an XML gateway/firewall, and back-end web services.

In this dissertation, we propose several automated security testing strategies for detecting XML-based vulnerabilities. In particular, we tackle the challenges of security testing in an industrial context. Our proposed strategies target various and complementary aspects of security testing for XML-based systems, e.g., test case generation for the XML gateway/firewall. The development and evaluation of these strategies have been done in close collaboration with a leading financial service provider in Luxembourg/Switzerland, namely SIX Payment Services (formerly known as CETREL S.A.). SIX Payment Services processes several thousand financial transactions daily and provides a range of financial services, e.g., online payments and the issuing of credit and debit cards.

The main research contributions of this dissertation are:
- A large-scale and systematic experimental assessment for detecting vulnerabilities in numerous widely-used XML parsers and the systems built on them. In particular, we targeted two common XML parser vulnerabilities: (i) XML Billion Laughs (BIL), and (ii) XML External Entities (XXE).
- A novel automated testing approach, based on constraint solving and input mutation, to detect XMLi vulnerabilities in the XML gateway/firewall and in back-end web services.
- A black-box search-based testing approach to detect XMLi vulnerabilities in front-end web applications. Genetic algorithms are used to search for inputs that make the application generate malicious XML messages.
- An in-depth analysis of various search algorithms and fitness functions, to improve the search-based testing approach for front-end web applications.
- Extensive evaluations of the proposed testing strategies on numerous real-world industrial web services, an XML gateway/firewall, and web applications, as well as several open-source systems.
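The two failure modes the contributions above target can be made concrete in a few lines. The following is an added illustration, not code from the thesis or from SIX Payment Services: the request schema, field names and injection payload are constructed. It shows a front-end that builds an XML message by string concatenation beside an escaping builder, and a simple test oracle of the kind a search-based approach needs, which flags a message whose element structure no longer matches the expected schema, and rejects any message carrying a DTD, since XXE and Billion Laughs payloads both depend on entity declarations.

```python
"""Constructed illustration of an XML-injection test oracle (not the thesis's code)."""
import xml.etree.ElementTree as ET

# Constructed request template (hypothetical schema): a front-end wraps two
# user-supplied fields in an XML message for a back-end service.
EXPECTED_STRUCTURE = ("request", ("user", "password"))


def build_request_vulnerable(user: str, password: str) -> str:
    """Builds the message by string concatenation. User input is not escaped,
    so '<' and '>' in the input become markup: this is the XMLi flaw."""
    return f"<request><user>{user}</user><password>{password}</password></request>"


def build_request_safe(user: str, password: str) -> str:
    """Builds the same message with ElementTree, which escapes text nodes,
    so the same input ends up as character data rather than elements."""
    root = ET.Element("request")
    ET.SubElement(root, "user").text = user
    ET.SubElement(root, "password").text = password
    return ET.tostring(root, encoding="unicode")


def check_message(xml_text: str) -> list:
    """Test oracle: returns a list of findings; an empty list means clean.
    (1) Any DTD or entity declaration is rejected before parsing, because
        XXE and Billion Laughs payloads require one and the expected messages
        never carry one.
    (2) The parsed element structure must match EXPECTED_STRUCTURE exactly,
        and no leaf field may contain nested elements."""
    findings = []
    lowered = xml_text.lower()
    if "<!doctype" in lowered or "<!entity" in lowered:
        findings.append("dtd_present")
        return findings  # never hand a DTD to the parser
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return ["malformed"]
    expected_root, expected_children = EXPECTED_STRUCTURE
    actual = (root.tag, tuple(child.tag for child in root))
    if actual != (expected_root, expected_children):
        findings.append(f"structure_changed:{actual}")
    for child in root:
        if len(child):  # unexpected nested elements inside a leaf field
            findings.append(f"nested_elements_in:{child.tag}")
    return findings


# Constructed payload of the kind a search-based generator would look for:
# it closes <user> and injects a new <role> element into the message.
PAYLOAD = "alice</user><role>admin</role><user>"


def demo() -> dict:
    """Runs the oracle against both builders and against a DTD-bearing message."""
    return {
        "vulnerable": check_message(build_request_vulnerable(PAYLOAD, "s3cret")),
        "safe": check_message(build_request_safe(PAYLOAD, "s3cret")),
        "dtd": check_message('<!DOCTYPE r [<!ENTITY x "y">]><request>&x;</request>'),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result or "clean")
```

The oracle compares parsed structure rather than searching the raw string for a payload, because an injection only matters if the parser on the receiving side actually sees extra elements; the escaping builder produces a message that contains the attacker's text verbatim yet parses to the expected two fields. Rejecting any DTD up front is deliberately coarse: it is the usual hardening step against XXE and entity-expansion attacks, and the parser itself is never exercised on such input.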
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Software Verification and Validation Lab (SVV Lab)
Fonds National de la Recherche - FnR
Researchers ; Professionals ; Students
FnR ; FNR6024200 > Sadeeq Jan > ADXMLI > An Effective Automated Testing Approach For Detection Of Xml Injection > 15/09/2013 > 14/09/2017 > 2013

File associated to this reference:

Fulltext file: sadeeqThesis.pdf (author postprint, 3.04 MB, open access)
