An Integrated Multi-Agent Testing Tool for Security Checking of Agent-Based Web Applications

Authors: , , ,

Abstract: In this paper, an integrated multiagent testing tool, is presented. Such tool comprises static analyzer, dynamic tester and an integrator of the two components for detecting security vulnerabilities and errors in agent based web applications written in Java. The static analysis component analyzes the source code of the web application to identify the locations of security vulnerabilities and displays them to the programmer. Consequently, dynamic testing of the web application is carried out. Here, a temporal-based assertion language is introduced to help in detecting security violations (errors) in the underlying application. The proposed language has operators for detecting SQL injection and cross-site scripting, XSS, security errors. The dynamic tester consists of two components: instrumentor (preprocessor) and run-time-agent. The instrumentor has many modules that have been implemented as software agents using Java language under the control of a multi agent framework. The agents of the instrumentor are: static analyzer agent, parser agent, and code converter agent. Moreover, an integrator for integrating both static and dynamic analyses is employed. Eventually the implementation details of IMATT are reported.

WSEAS Transactions on Computers, ISSN / E-ISSN: 1109-2750 / 2224-2872, Volume 13, 2014, Art. #2

PDF
XML
Cite
×
Citation Tools
WSEAS AMA
Fathy E.Eassa, M.Zaki, Ahmed M. Eassa, Tahani Aljehani, "An Integrated Multi-Agent Testing Tool for Security Checking of Agent-Based Web Applications," WSEAS Transactions on Computers, vol. 13, pp. 9-19, 2014, DOI:
Fathy E.Eassa, M.Zaki, Ahmed M. Eassa, Tahani Aljehani. An Integrated Multi-Agent Testing Tool for Security Checking of Agent-Based Web Applications. WSEAS Transactions on Computers. 2014;13:9-19.
Copy to Clipboard
Citation copied to Clipboard

Certification

---