Testing and monitoring the effectiveness of security policies under pervasive system architectures is still a major challenging problem for the research community as well as industrials. The inherent characteristics of these systems such as the heterogeneous communicating devices and the multiple used technologies make the burden more overwhelming when dealing with security measures and policies. This paper aims to bridge this gap through the introduction of a formal design of security policies to make security monitoring operation more efficient. Hence, a formal framework is proposed to actively test web-based systems, as an example of these pervasive architectures. The goal of our technique is to check the compliance of the targeted web application to a set of generic security requirements such as confidentiality, integrity and availability as well as to a set of user-related security constraints. Our approach has been applied to a real industrial electronic voting application provided by the Scytl company. Several experiments show the merit of our technique in verifying the correctness of security measures of the targeted application. This framework is part of the INTER-TRUST solution intended to ensure secure inter-operation between communicating systems and provide solutions to test and monitor them