Planning-based security testing of web applications with attack grammars
Software Quality Journal (IF 1.9), Pub Date: 2020-03-01, DOI: 10.1007/s11219-019-09469-y
Josip Bozic, Franz Wotawa

Web applications are deployed on machines around the globe and offer almost universal accessibility. These applications assure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements is data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements often result in security leaks that malicious users eventually exploit. In this context, the application of different testing methods is of utmost importance in order to detect software defects during development and to prevent unauthorized access in advance. In this paper, we contribute to test automation for web applications. In particular, we focus on using planning for testing, where we introduce underlying models covering attacks and their use in testing of web applications. The planning model offers a high degree of extendibility and configurability and also overcomes limits of traditional graphical representations. New testing possibilities emerge that eventually lead to better vulnerability detection, therefore ensuring more secure web services and applications.

Updated: 2020-03-01