We present a metamorphic testing tool that alleviates the oracle problem in security testing. The tool enables engineers to specify metamorphic relations that capture security properties of Web systems. It automatically tests Web systems to detect vulnerabilities based on those relations. We provide a domain-specific language accompanied by an Eclipse editor to facilitate the specification of metamorphic relations. The tool automatically collects the input data and transforms the metamorphic relations into executable Java code in order to automatically perform security testing based on the collected data. The tool has been successfully evaluated on a commercial system and a leading open source system (Jenkins). Demo video: https://youtu.be/...
Most of the people in the industrial world are using several web applications every day. Many of tho...
The test oracle problem is regarded as one of the most challenging problems in software testing. Met...
A test oracle determines whether a test execution reveals a fault, often by comparing the observed p...
We present a metamorphic testing tool that alleviates the oracle problem in security testing. The to...
Security testing aims at verifying that the software meets its security properties. In modern Web sy...
Security testing verifies that the data and the resources of software systems are protected from att...
Motivation and Context. Modern Internet-based services (e.g., home-banking, personal-training, healt...
The use of web services has been growing significantly, with increasingly large numbers of applicati...
The goal of security testing is to detect those defects that could be exploited to conduct attacks. ...
Web Application Programming Interfaces (APIs) consist of one or many endpoints defining request-resp...
Metamorphic testing (MT) can enhance security testing by providing an alternative to using a test or...
Metamorphic testing (MT) can enhance security testing by providing an alternative to using a test or...
Cross-site scripting (XSS) vulnerabilities are specific flaws related to web applications, in which ...
Information is indispensable in modern society. People’s daily communication and work depend on info...
In software testing, something which can verify the correctness of test case execution results is ca...
Most of the people in the industrial world are using several web applications every day. Many of tho...
The test oracle problem is regarded as one of the most challenging problems in software testing. Met...
A test oracle determines whether a test execution reveals a fault, often by comparing the observed p...
We present a metamorphic testing tool that alleviates the oracle problem in security testing. The to...
Security testing aims at verifying that the software meets its security properties. In modern Web sy...
Security testing verifies that the data and the resources of software systems are protected from att...
Motivation and Context. Modern Internet-based services (e.g., home-banking, personal-training, healt...
The use of web services has been growing significantly, with increasingly large numbers of applicati...
The goal of security testing is to detect those defects that could be exploited to conduct attacks. ...
Web Application Programming Interfaces (APIs) consist of one or many endpoints defining request-resp...
Metamorphic testing (MT) can enhance security testing by providing an alternative to using a test or...
Metamorphic testing (MT) can enhance security testing by providing an alternative to using a test or...
Cross-site scripting (XSS) vulnerabilities are specific flaws related to web applications, in which ...
Information is indispensable in modern society. People’s daily communication and work depend on info...
In software testing, something which can verify the correctness of test case execution results is ca...
Most of the people in the industrial world are using several web applications every day. Many of tho...
The test oracle problem is regarded as one of the most challenging problems in software testing. Met...
A test oracle determines whether a test execution reveals a fault, often by comparing the observed p...
Add to ORKG