Conference Topics

SOFTWARE DEVELOPMENT LIFE CYCLE (SDLC) BASED METHOD TO TEST SECURITY OF THE AJAX-ENABLED RICH INTERNET APPLICATIONS

Because of the advantages that Rich Internet Applications provide for their users, they are becoming increasingly widely used and have transformed the World Wide Web from its traditional state, which is dependency on the server side, to an interactive relationship between server and client. Rich Internet Applications (RIAs) use various technologies such as Ajax, Flex, Silverlight, etc. Among them, Ajax is more popular with developers due to its advantages and exclusive characteristics. Just as the arrival of new technologies is accompanied by new problems, the arrival of Ajax on the World Wide Web was also accompanied by new challenges and security vulnerabilities. Since the security of users is of great importance in the web environment, efforts have been made to present various methods of security testing for Ajax-Enabled RIAs, but the asymmetric and vague behavior of Ajax, and the diverse technologies employed in it, result in an inability to use the traditional security testing methods that were used for normal web applications. Therefore, there is a need for a method to test all the security aspects of an Ajax-Enabled RIA, from its appearance to its application in the web. No testing method can reach this goal unless it is accompanied by the SDLC to test the security requirements of the Ajax-Enabled RIA. The solution proposed in this paper is an SDLC-based method that can test all the existing vulnerabilities in an Ajax-Enabled RIA. The solution is an integrated process to test all security aspects of the Ajax-Enabled RIA. The main advantages of this workflow include higher reliability than other methods, integration with the SDLC, completeness, and Ajax technology compatibility.

Ajax Security Testing Rich Internet Application SDLC Penetration Testing

ZIAEDDIN NAJAFIAN NEGAR ARABI HANNAH JANNATV

University of Kurdistan Iran, Sanandaj Kurdistan Electrical Distribution Company

International conference

3rd International Conference on Mechanical and Electrical Technology (ICMET2011)

Dalian

English

639-643

2011-08-26 (date first made available online on the Wanfang platform; not the paper's publication date)