SCL: a language for security testing of network applications

Security of network applications has become increasingly important in the past several years. Syntax-based testing is a black box, data driven testing technique, for applications for which input can be described formally. SCL is a component of Protocol Tester, a project at RMC and Queen's, that uses syntax-based testing to evaluate the security of network applications. As a language, SCL can describe the syntax and the semantic constraints of a given protocol, constraints that pertain to the testing of network application security. This paper describes how SCL captures the input syntax of a network application including both syntax and semantic constraints. Standard reverse engineering and program comprehension techniques are used to extract a detailed model from the description. This model can be used to automate the selection and generation of test cases in Protocol Tester.