Software Testing: XML Document Detection Framework

Hannani Aman
FSKTM, UTHM
Johor, Malaysia
hanani@uthm.edu.my

Rosziati Ibrahim
FSKTM, UTHM
Johor, Malaysia
rosziati@uthm.edu.my

Abstract—XML detection is a way to assist the implementation of the W3C security standards in an XML document before it is passed to any web platform. Previous research has focused on enhancing each of the W3C XML Security standards individually, but not on detecting every standard in a document. To ensure the safety of an XML document before it is released to the web environment, it is important that the XML security standards are implemented. Thus, in this paper a new framework for detecting the W3C XML security standards is proposed.

Keywords: XML Security Standard; Software Testing

I. INTRODUCTION

With the increase of collaborative information within web-based application environments, there is a need to trust collaborative technologies that can distribute information in a safe and secure manner. The World Wide Web Consortium (W3C) is an international community that develops open standards to ensure the long-term growth of the Web. This community introduced Extensible Markup Language (XML) as a vehicle for marking up information, and exchanging information across different platforms on the web has made it vulnerable to several kinds of attack. To ensure that an XML document is secured before it passes to any web platform, the document needs to implement the XML standards. Implementation of the XML Security Standard can be confirmed using a file integrity checking technique, as file integrity checking is a sub-discipline of software security testing.

Currently, research in software security testing focuses on enhancing the various XML security standards. The XML standards consist of XML Security Signature, XML Encryption and XML Key Management (XKMS). The standard is based on W3C standards. However, the previous work focuses only on each standard individually and not on the standards as a whole.
There is no solution to ensure that the combination of XML Security Standards is implemented so as to confirm the document's security fully. Thus, the aim of this paper is to propose a new framework for checking the implementation of the XML Security Standard that has been established by W3C.

This paper is organized as follows: Section 2 provides the motivation. Section 3 presents related work in this research. Section 4 introduces the proposed framework, and Section 5 contains the conclusion and future work.

II. MOTIVATION

XML is the de facto standard for data exchange, mainly in Electronic Commerce (e-commerce), and has been published by W3C. As XML is a vehicle for delivering information and mediating information flows between different platforms, security has been an issue that needs to be addressed [1]. XML is an application profile or restricted form of the Standard Generalized Markup Language (SGML), which is based on International Standard Organization (ISO) 8879. However, three types of security standard have been adopted by W3C: XML digital signature, XML encryption and XML Key Management Specification [1].

In XML security, the non-existence of any standard will cause the document to be rejected at the user level. These documents are classified as insecure and vulnerable to four types of XML attacks: Data Type Definition (DTD) attacks, document corruption attacks, single-node attacks and multi-node attacks. A DTD attack exploits the definition of data types in the XML document structure. A document corruption attack exploits the XML Domain Object Modeling (DOM) tree structure, resulting in a wrong interpretation of the tree structure. Single-node and multi-node attacks are related to the network nodes [2].

Kazim et al. [4] have proposed a protocol with a widely used browser that focuses on XML digital signing for server protection. Meanwhile, [5] and [6] proposed solutions covering XML digital signing together with XML integrity.
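
The presence check this section motivates, as an added example that is not the authors' framework or code: it looks for elements of the three W3C standards by namespace and rejects a document that lacks any of them. The rule that any XKMS-namespace element counts, the up-front DTD refusal and the sample documents are assumptions of this example; finding an element does not verify a signature or decrypt anything.

```python
import re
import xml.etree.ElementTree as ET

# W3C namespace URIs of the three standards, with the element names that
# show the standard is applied (the marker sets are this example's rule).
STANDARDS = {
    "XML Signature": ("http://www.w3.org/2000/09/xmldsig#", {"Signature"}),
    "XML Encryption": ("http://www.w3.org/2001/04/xmlenc#",
                       {"EncryptedData", "EncryptedKey"}),
    # Assumption: any element in the XKMS namespace counts as XKMS use.
    "XKMS": ("http://www.w3.org/2002/03/xkms#", None),
}

def detect_standards(xml_text):
    """Report which standards appear in xml_text and whether all three do."""
    report = {"accepted": False, "found": [],
              "missing": sorted(STANDARDS), "reason": ""}
    # Refuse DTDs before parsing so that no entity declared by an
    # untrusted document is expanded (the DTD attack class named above).
    if re.search(r"<!DOCTYPE", xml_text, re.IGNORECASE):
        report["reason"] = "DTD present"
        return report
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        report["reason"] = "not well-formed"
        return report
    found = set()
    for elem in root.iter():
        if not elem.tag.startswith("{"):
            continue  # element is in no namespace
        uri, local = elem.tag[1:].split("}", 1)
        for name, (ns, markers) in STANDARDS.items():
            if uri == ns and (markers is None or local in markers):
                found.add(name)
    report["found"] = sorted(found)
    report["missing"] = sorted(set(STANDARDS) - found)
    report["accepted"] = not report["missing"]
    report["reason"] = ("all standards present" if report["accepted"]
                        else "standard missing")
    return report

# Constructed samples: empty placeholder elements, not real signatures.
NS = ('xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
      'xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" '
      'xmlns:xkms="http://www.w3.org/2002/03/xkms#"')
FULL_DOC = (f"<order {NS}><xenc:EncryptedData/><ds:Signature><ds:KeyInfo>"
            "<xkms:KeyBinding/></ds:KeyInfo></ds:Signature></order>")
SIGNED_ONLY = f"<order {NS}><item>1</item><ds:Signature/></order>"
DTD_DOC = '<!DOCTYPE order [<!ENTITY e "x">]><order>&e;</order>'
```

`SIGNED_ONLY` declares all three namespaces but uses only one, so it is reported with XML Encryption and XKMS missing: a namespace declaration alone does not count as implementing a standard.
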
However, the solutions introduced in [4], [5] and [6] focus on only one or two aspects of the XML standards. To ensure that an XML document is secure, all three XML Security Standards need to be implemented [1]. Therefore, the objective of this research is to develop a detection tool that ensures XML documents have implemented all three XML Security Standards. It is expected that this tool can give a denial of service status if the document uses no XML Security Standard or fewer than all three.

III. RELATED WORK

A. Software Testing

Software testing is an investigation conducted to provide stakeholders with information about the quality of the product or service under test. Software testing can also provide an objective, independent view of the software to allow the