SMRL: A Metamorphic Security Testing Tool for Web Systems

Cited by: 5
Authors
Mai, Phu X. [1]
Goknil, Arda [1]
Pastore, Fabrizio [1]
Briand, Lionel C. [1, 2]
Affiliations
[1] Univ Luxembourg, SnT, Luxembourg, Luxembourg
[2] Univ Ottawa, Ottawa, ON, Canada
Funding
European Research Council;
Keywords
DOI
10.1145/3377812.3382152
Chinese Library Classification number
TP31 [Computer Software];
Subject classification code
081202 ; 0835 ;
Abstract
We present a metamorphic testing tool that alleviates the oracle problem in security testing. The tool enables engineers to specify metamorphic relations that capture security properties of Web systems. It automatically tests Web systems to detect vulnerabilities based on those relations. We provide a domain-specific language accompanied by an Eclipse editor to facilitate the specification of metamorphic relations. The tool automatically collects the input data and transforms the metamorphic relations into executable Java code in order to automatically perform security testing based on the collected data. The tool has been successfully evaluated on a commercial system and a leading open source system (Jenkins). Demo video: https://youtu.be/9kx6u9LsGxs.
Pages: 9 / 12
Number of pages: 4
Related papers
50 in total
  • [31] Automated Security Testing of Web Widget Interactions
    Bezemer, Cor-Paul
    Mesbah, Ali
    van Deursen, Arie
    7TH JOINT MEETING OF THE EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND THE ACM SIGSOFT SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING, 2009, : 81 - 90
  • [32] Complete Web Security Testing Methods and Recommendations
    Qian, Li
    Wan, Jiahua
    Chen, Lu
    Chen, Xiuming
    2013 INTERNATIONAL CONFERENCE ON COMPUTER SCIENCES AND APPLICATIONS (CSA), 2013, : 86 - 89
  • [33] Dual Security Testing Model for Web Applications
    Garima, Singh
    Manju, Kaushik
    INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2016, 7 (02) : 185 - 191
  • [34] A testing framework for Web application security assessment
    Huang, YW
    Tsai, CH
    Lin, TP
    Huang, SK
    Lee, DT
    Kuo, SY
    COMPUTER NETWORKS, 2005, 48 (05) : 739 - 761
  • [35] Security Testing of Web Applications: A Research Plan
    Avancini, Andrea
    2012 34TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE), 2012, : 1491 - 1494
  • [36] Designing a Web-based Testing Tool for Multi-Criteria Recommender Systems
    Manouselis, Nikos G.
    Costopoulou, Constantina I.
    ENGINEERING LETTERS, 2006, 13 (03)
  • [37] MCP: A Security Testing Tool Driven by Requirements
    Mai, Phu X.
    Pastore, Fabrizio
    Goknil, Arda
    Briand, Lionel C.
    2019 IEEE/ACM 41ST INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: COMPANION PROCEEDINGS (ICSE-COMPANION 2019), 2019, : 55 - 58
  • [38] Tool Support for Secure Programming by Security Testing
    Li, Keqin
    Hebert, Cedric
    Lindemann, Jan
    Sauter, Michael
    Mack, Holger
    Schroeer, Tom
    Tiple, Abhay
    2015 IEEE EIGHTH INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION WORKSHOPS (ICSTW), 2015,
  • [39] Improve the Quality of ARC Systems Based on the Metamorphic Testing
    Zhang, Jihu
    Jing, Xiaochuan
    Zhang, Wei
    Wang, Haipeng
    Dong, Yunwei
    2016 INTERNATIONAL SYMPOSIUM ON SYSTEM AND SOFTWARE RELIABILITY (ISSSR), 2016, : 137 - 141
  • [40] Metamorphic Object Insertion for Testing Object Detection Systems
    Wang, Shuai
    Su, Zhendong
    2020 35TH IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING (ASE 2020), 2020, : 1053 - 1065