Strengthening Web Application Security: A Penetration Regression Test Selection Algorithm for Early Detection of Buffer Overflow Vulnerability

Authors

  • Shilpa R. G., Jhilmil Basu, T. P. Pushphavathi, P. V. R. Murthy

Keywords:

Branch coverage, Buffer overflow, Code coverage, Penetration testing, Regression testing, Regression test selection, Security testing, Vulnerability

Abstract

Web applications are prime targets for security breaches, making rigorous regression testing essential to prevent adverse impacts from modifications or enhancements. The aim of regression testing is to ensure that improvements or modifications to a program's functionality do not adversely affect its current operations. Regression testing is essential as it reduces the size of the test suite, thus reducing the time and effort for testing as a system or application is modified. Regression test selection methods are used widely in functional testing but not addressed in context with penetration or security testing. The traditional regression testing techniques and code coverage (branch coverage) based test adequacy measurements, are found to be inadequate. This paper proposes a novel algorithm for penetration regression test selection along with extended branch coverage criteria predominantly focusing on buffer overflow vulnerability. The algorithm is based on the control-flow structure of the program. Additionally this approach provides a systematic method to detect buffer overflow vulnerability in the unit testing phase of early software development life cycle for the practitioners.

Downloads

Download data is not yet available.

References

Xiaowei Li and Yuan Xue. A Survey on Server-Side Approaches to Securing Web Applications. ACM Computing Surveys (CSUR), 46 (4), Article 54, 1-30, 2014

Halfond, W., Choudhary, S. and Orso, A. Improving penetration testing through static and dynamic analysis- Software Testing, Verification and Reliability, 21(3), pp.195-214, 2011. http://doi.org/ 10.1002/stvr.450

Benjamin A.K., Carla E.B., Hilmi O., Vijaykumar T.N., Detection and Prevention of Stack Buffer Overflow Attacks, Communications of the Association of Computing Machinery, ACM, 48 (11), 2005, pp.50-56.

H. Do, Chapter Three - Recent Advances in Regression Testing Techniques, Editor(s): Atif M. Memon, Advances in Computers, Elsevier, Volume 103, 2016, Pages 53-77, ISSN 0065-2458, ISBN 9780128099414,https://doi.org/10.1016/bs.adcom.2016.04.004.

Emelie Engström, Per Runeson, Mats Skoglund, A systematic review on regression test selection techniques

Information and Software Technology, Volume 52, Issue 1, Pages 14-30, 2010, ISSN 0950-5849, https://doi.org/10.1016/j.infsof.2009.07.001.

Rahmani, Ani & Min, J & Maspupah, Asri. An empirical study of regression testing techniques. Journal of Physics: Conference Series. 2021. 1869. 012080. 10.1088/1742-6596/1869/1/012080.

J.Bhandari P and Singh A 2017 Review of object-oriented coupling based test case selection in model based testing Proc. 2017Int. Conf. Intell. Comput. Control Syst. ICICCS 2017 2018- Janua 1161–5

Banias O Test case selection-prioritization approach based on memoization dynamic programming algorithm Inf. Softw. Technol. 2019,115 119–30

Felderer, Michael & Fourneret, Elizabeta. A systematic classification of security regression testing approaches. International Journal on Software Tools for Technology Transfer. 2015.10.1007/s10009-015-0365-2.

Yoo, S., Harman, M.: Regression testing minimisation, selection and prioritisation: a survey. Softw. Test. Verif. Reliab. 1(1), 121–141 2010

Tarhini, Abbas, Zahi Ismail, and Nashat Mansour. "Regression Testing Web Applications". International Conference On Advanced Computer Theory And Engineering. New York: IEEE, 2008. 902-906. Print

Allahbaksh Asadullah, Richa Mishra, M. Basavaraju, and Nikita Jain. “A call trace based technique for regression test selection of enterprise web applications (SoRTEA)”. Proceedings of the 7th India Software Engineering Conference on ISEC '14.2014. DOI:http://dx.doi.org/10.1145/2590748.2590770

Graves, T.L., Harrold, M.J., Kim, J.M., Porter, A., Rothermel, G.:An empirical study of regression test selection techniques. ACM Trans. Softw. Eng. Methodol. 10, 184–208 2001

Sunidhi Puri, Abhishek Singhal, Abhay Bansal. “Study and Analysis of Regression Test Case Selection Techniques”. International Journal of Computer Applications. 101, 3 September 2014, 45-50. DOI=10.5120/17671-8504

Qurat Farooq. “Model-Based Regression Testing”. Emerging Technologies for the Evolution and Maintenance of Software Models. 2012. 10.4018/978-1-61350-438-3

Shahid, Dr Muhammad. “Code Coverage Information to Support Regression Testing”. The International Conference on Informatics and Applications (ICIA.2012). 233-239

Tao Y., Lingmin Z., Linzhang W., Xuandong L., An Empirical Study on Detecting and Fixing Buffer Overflow Bugs, IEEE International Conference on Software Testing, Verification and Validation (ICST), 2016. Chicago, IL, pp.91-101

Paul E.B., Irena B. Defeating Buffer Overflow: A Trivial but Dangerous Bug, IEEE IT Professional, 2016.Vol.18, Issue 6, pp.58-61

Khan, S.U.R., et al., A Systematic Review on Test Suite Reduction: Approaches, Experiment’s Quality Evaluation, and Guidelines. IEEE Access, 2018. 10

Bokil, P., P. Krishnan, and R. Venkatesh, Achieving Effective Test Suites for Reactive Systems using Specification Mining and Test Suite Reduction Techniques. ACM SIGSOFT Software Engineering Notes, 2015. 40(1): p.1-8

Beizer, B. “Software Testing Techniques”, Itp-Media, 2nd edition, 1990

Shahriar, H. and Zulkernine, M. “Mitigating Program Security Vulnerabilities: Approaches and Challenges”, Journal ACM Computing Surveys. 2012

Downloads

Published

11.05.2024

How to Cite

Shilpa R. G. (2024). Strengthening Web Application Security: A Penetration Regression Test Selection Algorithm for Early Detection of Buffer Overflow Vulnerability. International Journal of Intelligent Systems and Applications in Engineering, 12(21s), 3073 –. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/5963

Issue

Section

Research Article