SMRL: A Metamorphic Security Testing Tool for Web Systems

Phu X. Mai, Arda Goknil, Fabrizio Pastore, Lionel C. Briand

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

We present a metamorphic testing tool that alleviates the oracle problem in security testing. The tool enables engineers to specify metamorphic relations that capture security properties of Web systems. It automatically tests Web systems to detect vulnerabilities based on those relations. We provide a domain-specific language accompanied by an Eclipse editor to facilitate the specification of metamorphic relations. The tool automatically collects the input data and transforms the metamorphic relations into executable Java code in order to automatically perform security testing based on the collected data. The tool has been successfully evaluated on a commercial system and a leading open source system (Jenkins). Demo video: Https://youtu.be/9kx6u9LsGxs.

Original languageEnglish
Title of host publicationProceedings - 2020 ACM/IEEE 42nd International Conference on Software Engineering
Subtitle of host publicationCompanion, ICSE-Companion 2020
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages9-12
Number of pages4
ISBN (Electronic)9781450371223
DOIs
Publication statusPublished - Oct 2020
Externally publishedYes
Event42nd ACM/IEEE International Conference on Software Engineering: Companion, ICSE-Companion 2020 - Seoul, Korea, Republic of
Duration: 27 Jun 202019 Jul 2020

Publication series

NameProceedings - 2020 ACM/IEEE 42nd International Conference on Software Engineering: Companion, ICSE-Companion 2020

Conference

Conference42nd ACM/IEEE International Conference on Software Engineering: Companion, ICSE-Companion 2020
Country/TerritoryKorea, Republic of
CitySeoul
Period27/06/2019/07/20

Keywords

  • Metamorphic Security Testing
  • Software and application security
  • Software verification and validation

Fingerprint

Dive into the research topics of 'SMRL: A Metamorphic Security Testing Tool for Web Systems'. Together they form a unique fingerprint.

Cite this