SMRL: A metamorphic security testing tool for web systems

Phu X. Mai, Arda Goknil, Fabrizio Pastore, Lionel C. Briand

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

We present a metamorphic testing tool that alleviates the oracleproblem in security testing. The tool enables engineers to specifymetamorphic relations that capture security properties of Websystems. It automatically tests Web systems to detect vulnerabilitiesbased on those relations. We provide a domain-specific languageaccompanied by an Eclipse editor to facilitate the specification ofmetamorphic relations. The tool automatically collects the inputdata and transforms the metamorphic relations into executable Javacode in order to automatically perform security testing based onthe collected data. The tool has been successfully evaluated on acommercial system and a leading open source system (Jenkins).Demo video: https://youtu.be/9kx6u9LsGxs.

Original languageEnglish
Title of host publicationProceedings - 2020 ACM/IEEE 42nd International Conference on Software Engineering
Subtitle of host publicationCompanion Proceedings, ICSE-Companion 2020
PublisherIEEE Computer Society
Pages9-12
Number of pages4
ISBN (Electronic)9781450371223
DOIs
Publication statusPublished - 27 Jun 2020
Externally publishedYes
Event42nd ACM/IEEE International Conference on Software Engineering, ICSE-Companion 2020 - Virtual, Online, Korea, Republic of
Duration: 27 Jun 202019 Jul 2020

Publication series

NameProceedings - International Conference on Software Engineering
ISSN (Print)0270-5257

Conference

Conference42nd ACM/IEEE International Conference on Software Engineering, ICSE-Companion 2020
Country/TerritoryKorea, Republic of
CityVirtual, Online
Period27/06/2019/07/20

Fingerprint

Dive into the research topics of 'SMRL: A metamorphic security testing tool for web systems'. Together they form a unique fingerprint.

Cite this