Evolutionary Security Testing of Web Applications (Fast Abstract)
Unlike system software, which often goes through a formal modeling, testing, and verification process, web applications are usually developed by application programmers under market pressure. WSAC recently estimated that 99% of web applications worldwide do not comply with the PCI DSS standard, that 80 - 96% of them have high-risk vulnerabilities, and that 13% can be compromised automatically. The complexity of modern web applications usually leads to low coverage for manually designed test cases. This paper proposes an evolutionary testing strategy that automatically synthesizes test cases for penetration testing of web applications, starting from an initial set of data on user interaction sessions.