Abstract
We present a metamorphic testing tool that alleviates the oracle problem in security testing. The tool enables engineers to specify metamorphic relations that capture security properties of Web systems. It automatically tests Web systems to detect vulnerabilities based on those relations. We provide a domain-specific language accompanied by an Eclipse editor to facilitate the specification of metamorphic relations. The tool automatically collects the input data and transforms the metamorphic relations into executable Java code in order to automatically perform security testing based on the collected data. The tool has been successfully evaluated on a commercial system and a leading open source system (Jenkins). Demo video: Https://youtu.be/9kx6u9LsGxs.
Author supplied keywords
Cite
CITATION STYLE
Mai, P. X., Goknil, A., Pastore, F., & Briand, L. C. (2020). SMRL: A Metamorphic Security Testing Tool for Web Systems. In Proceedings - 2020 ACM/IEEE 42nd International Conference on Software Engineering: Companion, ICSE-Companion 2020 (pp. 9–12). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1145/3377812.3382152
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
