IMATT: An Integrated Multi-Agent Testing Tool for the Security of Agent-Based Web Applications

Fathy E.Eassa, M. Zaki, Ahmed M. Eassa, Tahani Aljehani
2013 World Journal of Computer Application and Technology  
In this paper, an integrated multiagent testing tool, is presented. Such tool comprises static analyzer, dynamic tester and an integrator of the two components for detecting security vulnerabilities and errors in agent based web applications written in Java. The static analysis component analyzes the source code of the web application to identify the locations of security vulnerabilities and displays them to the programmer. Consequently, dynamic testing of the web application is carried out.
more » ... e, a temporal-based assertion language is introduced to help in detecting security violations (errors) in the underlying application. The proposed language has operators for detecting SQL injection and cross-site scripting, XSS, security errors. The dynamic tester consists of two components: instrumentor (preprocessor) and run-time-agent. The instrumentor has many modules that have been implemented as software agents using Java language under the control of a multi agent framework. The agents of the instrumentor are: static analyzer agent, parser agent, and code converter agent. Moreover, an integrator for integrating both static and dynamic analyses is employed. Eventually the implementation details of IMATT are reported.
doi:10.13189/wjcat.2013.010201 fatcat:5qpcjifh3rgztonypxymschuai