Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks: Difference between revisions
Programsam (talk | contribs) |
Programsam (talk | contribs) |
||
| Line 33: | Line 33: | ||
== 13. End Notes == | == 13. End Notes == | ||
# The CWE/SANS Top 25 can be found at http://cwe.mitre.org/top25/ | |||
# http://sourceforge.net/projects/iTrust/?source=directory | |||
# http://sourceforge.net/projects/hispacta/?source=directory | |||
# http://sourceforge.net/projects/logicService/?source=directory | |||
# http://sourceforge.net/projects/Tudu/?source=directory | |||
# http://www.junit.org | |||
# http://sourceforge.net/projects/htmlunit/?source=directory | |||
# The approach we propose in this paper tests the web application in the context of its server; a system level technique. However, our approach also targets specific areas (“hotspots”) of the web application; a unit level technique. Thus, the way we use HtmlUnit in our case study is a hybrid of system level and unit level approaches, which is technically considered grey box testing <sup>[8, 9]</sup>. | |||
[[Category:Conference Papers]] | [[Category:Conference Papers]] | ||