Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks: Difference between revisions
Programsam (talk | contribs) |
Programsam (talk | contribs) |
||
| Line 78: | Line 78: | ||
# The approach we propose in this paper tests the web application in the context of its server; a system level technique. However, our approach also targets specific areas (“hotspots”) of the web application; a unit level technique. Thus, the way we use HtmlUnit in our case study is a hybrid of system level and unit level approaches, which is technically considered grey box testing <sup>[8, 9]</sup>. | # The approach we propose in this paper tests the web application in the context of its server; a system level technique. However, our approach also targets specific areas (“hotspots”) of the web application; a unit level technique. Thus, the way we use HtmlUnit in our case study is a hybrid of system level and unit level approaches, which is technically considered grey box testing <sup>[8, 9]</sup>. | ||
# http://www.mysql.com | # http://www.mysql.com | ||
# http://www.hibernate.com | |||
# http://sourceforge.net | |||
# http://eclipse.org/webtools/ | |||
# For larger applications, one could use a static analyzer to determine hotspots’ locations. | |||
[[Category:Conference Papers]] | [[Category:Conference Papers]] | ||
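Review bot: the three URL-only footnotes that appear on only one side of this hunk (http://www.hibernate.com, http://sourceforge.net, http://eclipse.org/webtools/) name no tool or project, and the sourceforge entry is just the site's front page, so a reader cannot tell what each one cites. Each entry should carry the name of the software it refers to. Because these are auto-numbered list items (#), also check that the footnote numbers cited in the body still match the list after this change.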