Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/10624
Title: | 網頁應用程式滲透測試案例之自動化產生 (Automatic Generation of Penetration Test Cases for Web Applications) |
Author: | Sheng-Feng Yu 游昇峰 |
Advisor: | 蔡益坤 (Yih-Kuen Tsay) |
Keywords: | Test Cases, Automatic Testing, Static Analysis, Security Vulnerability, Web Applications |
Publication year: | 2010 |
Degree: | Master's |
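Abstract: | With the rapid growth of web applications, their security has become increasingly important. Many analysis tools can help programmers find security vulnerabilities in their programs, but each has strengths and weaknesses depending on the analysis method it uses. Analysis methods fall roughly into two categories: static analysis, which analyzes the source code directly to find possible weaknesses, and dynamic analysis, which analyzes the program in its execution environment. To evaluate all possible states of a program, static analysis must rely on abstraction, which inevitably produces false positives in the results. Dynamic analysis, for its part, analyzes the program while it runs and can hardly cover every path the program might execute, so its results are prone to false negatives. In general, a rigorous code review process requires experts to inspect the tools' results and rule out false positives, but doing so is very time-consuming, and the experts' knowledge also affects the correctness of their judgment.
The contribution of this thesis is to integrate static analysis and dynamic testing to generate penetration test cases, and to confirm vulnerabilities by automatically executing the generated test cases, thereby reducing the number of vulnerabilities experts need to inspect. The main approach uses a breadth-first algorithm and, for each vulnerability, backward data flow analysis to find all sources that can reach the location where the vulnerability occurs. It collects constraints along each path from a source to that location, appends the attack string corresponding to the vulnerability type, and finally uses a constraint solver to determine whether each path has a feasible solution satisfying the collected constraints. If a feasible solution exists, an attacker can exploit the vulnerability along that path, and we generate a penetration test case from the solver's result. The test cases are then executed through automated testing to confirm that a real attack scenario exists that can exploit the vulnerability the tool found. Overall, by integrating static analysis and dynamic testing to generate test cases, and by automatically demonstrating attack scenarios within the website's architecture to confirm that vulnerabilities exist, the approach gives the examiner more accurate results.
As our daily life increasingly relies on the Web, security of Web applications has become more and more important. There exist quite a few analysis tools that can help programmers find vulnerabilities in Web applications, but there is still much room for improvement. These tools can be roughly divided into two groups by their analysis approaches. One uses static analysis, while the other uses dynamic analysis. The biggest difference between the two groups is that static analysis does not execute the Web applications when performing an analysis, but dynamic analysis does. Besides, static analysis needs to exercise over-approximation techniques to evaluate possible states of the program, which might introduce false positives to the analysis results. On the other hand, dynamic analysis encounters difficulties when it has to generate dynamically as many test cases as possible to cover all paths in the program. The results of dynamic analysis usually contain false negatives because of lower path coverage rates. In general, a rigorous code review process requires human experts to manually inspect the analysis results from analysis tools. It is an essential but time-consuming and error-prone task. In this thesis, we propose an approach for combining static analysis and dynamic testing to confirm the true vulnerabilities and hence reduce the number of vulnerabilities that human experts have to examine. We apply backward data flow analysis to explore all executable paths of the corresponding vulnerabilities in the target program. In the process of exploring all possible paths by the breadth-first search algorithm, our approach simultaneously collects constraint information along a path. Afterward, we append an attack pattern to the sink variable and try to generate test cases by manipulating constraint solvers to solve the collected constraints. Furthermore, given a generated test case, we provide Web-based testing that can automatically execute the test case and confirm the existence of vulnerabilities. On the whole, our approach integrates static analysis and dynamic testing to provide test case generation and Web-based test case execution, producing high-confidence results. |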
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/10624 |
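Full-text authorization: | Authorized (open to the public worldwide) |
Appears in collections: | Department of Information Management |
Files in this item:
File | Size | Format | |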
---|---|---|---|
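ntu-99-1.pdf | 586.78 kB | Adobe PDF | View/Open |
Items in this system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.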