---

Testing of web applications for common vulnerabilities still represents a major challenge in the area of security testing. The objective here is not necessarily to find new vulnerabilities but to ensure that the web application handles well-known attack patterns in a reliable way. Previously developed methods based on model-based testing contribute to the underlying challenge. The author introduces two approaches that rely on different methods, namely model-based security testing, combinatorial testing and planning. The corresponding implementations combine these elements into testing frameworks for testing of web applications for vulnerabilities.

---

Josip Bozic was born in 1983 and spent his life in former Yugoslavia, Germany and Austria. After graduating at the Faculty of Organization and Informatics in Croatia, he moved to the Graz University of Technology in Austria, where he acquired a PhD. He currently works there as a postdoctoral researcher in the area of security aspects of software.

---