Back
  1. Home
  3. Detailled Reference
Download
Paper published in a book (Scientific congresses, symposiums and conference proceedings)
Metamorphic Security Testing for Web Systems
Mai, Xuan Phu; Pastore, Fabrizio; Goknil, Arda et al.
2020In IEEE International Conference on Software Testing, Verification and Validation (ICST) 2020
Peer reviewed
Permalink
https://hdl.handle.net/10993/41229
DOI
10.1109/ICST46399.2020.00028
 

Files (1)Send toDetailsStatisticsBibliographySimilar publications

Files

Full Text
Mai-ICST-2020.pdf
Author postprint (1.88 MB)
Download

All documents in ORBilu are protected by a user license.

Send to


Details


Keywords :
Software Engineering; Software Security; Metamorphic Testing; Metamorphic Relations; Security Testing; Web Security; System Testing
Abstract :
[en] Security testing verifies that the data and the resources of software systems are protected from attackers. Unfortunately, it suffers from the oracle problem, which refers to the challenge, given an input for a system, of distinguishing correct from incorrect behavior. In many situations where potential vulnerabilities are tested, a test oracle may not exist, or it might be impractical due to the many inputs for which specific oracles have to be defined. In this paper, we propose a metamorphic testing approach that alleviates the oracle problem in security testing. It enables engineers to specify metamorphic relations (MRs) that capture security properties of the system. Such MRs are then used to automate testing and detect vulnerabilities. We provide a catalog of 22 system-agnostic MRs to automate security testing in Web systems. Our approach targets 39% of the OWASP security testing activities not automated by state-of-the-art techniques. It automatically detected 10 out of 12 vulnerabilities affecting two widely used systems, one commercial and the other open source (Jenkins).
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Software Verification and Validation Lab (SVV Lab)
Disciplines :
Computer science
Author, co-author :
Mai, Xuan Phu ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Pastore, Fabrizio  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Goknil, Arda
Briand, Lionel ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
External co-authors :
yes
Language :
English
Title :
Metamorphic Security Testing for Web Systems
Publication date :
March 2020
Event name :
INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION
Event place :
Porto, Portugal
Event date :
March 23-27, 2020
Audience :
International
Main work title :
IEEE International Conference on Software Testing, Verification and Validation (ICST) 2020
Publisher :
IEEE
ISBN/EAN :
978-1-7281-5779-5
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
European Projects :
H2020 - 694277 - TUNE - Testing the Untestable: Model Testing of Complex Software-Intensive Systems
FnR Project :
FNR11213850 - Enhanced Daily Living And Health 2 – An Incentive Based Service, 2015 (01/06/2016-30/11/2018) - Lionel Briand
Funders :
CE - Commission Européenne [BE]
Available on ORBilu :
since 10 December 2019

Statistics

Number of views
311 (52 by Unilu)
Number of downloads
224 (23 by Unilu)
More statistics
Scopus citations®
 
17
Scopus citations®
without self-citations
14

Bibliography

Similar publications


Contact ORBilu