@inproceedings{7bf22b59de2946228adfd6989a63d1ab,
title = "SMRL: A Metamorphic Security Testing Tool for Web Systems",
abstract = "We present a metamorphic testing tool that alleviates the oracle problem in security testing. The tool enables engineers to specify metamorphic relations that capture security properties of Web systems. It automatically tests Web systems to detect vulnerabilities based on those relations. We provide a domain-specific language accompanied by an Eclipse editor to facilitate the specification of metamorphic relations. The tool automatically collects the input data and transforms the metamorphic relations into executable Java code in order to automatically perform security testing based on the collected data. The tool has been successfully evaluated on a commercial system and a leading open source system (Jenkins). Demo video: Https://youtu.be/9kx6u9LsGxs.",
keywords = "Metamorphic Security Testing, Software and application security, Software verification and validation",
author = "Mai, {Phu X.} and Arda Goknil and Fabrizio Pastore and Briand, {Lionel C.}",
note = "Publisher Copyright: {\textcopyright} 2020 ACM.; 42nd ACM/IEEE International Conference on Software Engineering: Companion, ICSE-Companion 2020 ; Conference date: 27-06-2020 Through 19-07-2020",
year = "2020",
month = oct,
doi = "10.1145/3377812.3382152",
language = "English",
series = "Proceedings - 2020 ACM/IEEE 42nd International Conference on Software Engineering: Companion, ICSE-Companion 2020",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "9--12",
booktitle = "Proceedings - 2020 ACM/IEEE 42nd International Conference on Software Engineering",
}