Method using command abstraction library for iterative testing security of web applications

Seiji Munetoh, Nobukazu Yoshioka

Research output: Chapter in Book/Report/Conference proceedingChapter


A framework based on a scripting language is commonly used in Web application development, and high development efficiency is often achieved by applying several Agile development techniques. However, the adaptation of security assurance techniques to support Agile development is still underway, particularly from the developer’s perspective. The authors have addressed this problem by developing an iterative security testing method that splits the security test target application into two parts on the basis of the code lifecycle, application logic (“active development code”) and framework (“used code”). For the former, detailed security testing is conducted using static analysis since it contains code that is changed during the iterative development process. For the latter, an abstraction library at the command granularity level is created and maintained. The library identifies the behavior of an application from the security assurance standpoint. This separation reduces the amount of code to be statically inspected and provides a mechanism for sharing security issues among application developers using the same Web application framework. Evaluation demonstrated that this method can detect various types of Web application vulnerabilities.

Original languageEnglish
Title of host publicationApplication Development and Design
Subtitle of host publicationConcepts, Methodologies, Tools, and Applications
PublisherIGI Global
Number of pages24
ISBN (Electronic)9781522534235
ISBN (Print)9781522536000
Publication statusPublished - 2017 Jan 1
Externally publishedYes

ASJC Scopus subject areas

  • Computer Science(all)


Dive into the research topics of 'Method using command abstraction library for iterative testing security of web applications'. Together they form a unique fingerprint.

Cite this