A Search-based Testing Approach for XML Injection Vulnerabilities in Web Applications
1 like597 views
The document describes a search-based testing approach for detecting XML injection vulnerabilities in web applications. The approach uses genetic algorithms to search the input space to generate malicious XML outputs defined as test objectives (TOs). The approach was evaluated on four subjects and found to be highly effective at detecting vulnerabilities, achieving 100% TO coverage. Random search was not effective, covering zero TOs. The approach was efficient, taking 5-32 minutes per TO. Input validation decreased coverage while fewer inputs and a restricted alphabet increased efficiency.
1 of 25
Downloaded 12 times
Ad
Recommended
Scalable Software Testing and Verification of Non-Functional Properties throu...
Scalable Software Testing and Verification of Non-Functional Properties throu...Lionel Briand This document discusses scalable software testing and verification of non-functional properties through heuristic search and optimization. It describes several projects with industry partners that use metaheuristic search techniques like hill climbing and genetic algorithms to generate test cases for non-functional properties of complex, configurable software systems. The techniques address issues of scalability and practicality for engineers by using dimensionality reduction, surrogate modeling, and dynamically adjusting the search strategy in different regions of the input space. The results provided worst-case scenarios more effectively than random testing alone.
Applications of Machine Learning and Metaheuristic Search to Security Testing
Applications of Machine Learning and Metaheuristic Search to Security TestingLionel Briand This document discusses testing web application firewalls (WAFs) for SQL injection (SQLi) vulnerabilities. It states that the testing goal is to generate test cases that result in executable malicious SQL statements that can bypass the WAF. It also notes that WAF filter rules often need customization to avoid false positives and protect against new attacks, but that customization is error-prone due to complex rules, time/resource constraints, and a lack of automated tools.
Search-driven String Constraint Solving for Vulnerability Detection
Search-driven String Constraint Solving for Vulnerability DetectionLionel Briand The document presents a search-driven approach to solving string constraints for vulnerability detection. State-of-the-art solvers like Z3-str2 have limitations in supporting complex string operations. The proposed approach decomposes constraints and leverages an automata-based solver to reduce the search space, before using a search-based solver to find satisfying assignments. An evaluation on 43 programs shows the approach significantly improves vulnerability detection effectiveness over baseline solvers, with affordable time costs. The automata-based solver plays a key role in the effectiveness of the search-based procedure.
Extracting Domain Models from Natural-Language Requirements: Approach and Ind...
Extracting Domain Models from Natural-Language Requirements: Approach and Ind...Lionel Briand 1) The document presents an approach for automatically extracting domain models from natural language requirements documents. It uses grammatical dependencies and novel extraction rules to construct domain models from requirement statements.
2) An empirical evaluation of the approach on three case studies found that generic extraction rules were triggered most frequently, while pattern-based rules were seldom triggered. Interviews on one case study found the extracted relations to be highly correct on average but only moderately relevant.
3) The conclusions indicate that the novel extraction rules hold practical significance but room remains to improve the relevance of automatically extracted domain models, such as by addressing common knowledge and natural language processing mistakes.
System Testing of Timing Requirements based on Use Cases and Timed Automata
System Testing of Timing Requirements based on Use Cases and Timed AutomataLionel Briand The document describes a technique called TAUC that combines use case specifications and timed automata to automatically generate test cases for validating timing requirements of safety-critical systems. TAUC models the system functionality and environment as timed automata, identifies test inputs from use case scenarios to trigger state transitions, and employs a coverage-based and metaheuristic search approach to generate a test suite that stresses timing constraints. An evaluation on a case study shows TAUC achieves a 91% fault detection rate, significantly outperforming random and manual testing.
Testing of Cyber-Physical Systems: Diversity-driven Strategies
Testing of Cyber-Physical Systems: Diversity-driven StrategiesLionel Briand Lionel Briand discusses strategies for testing cyber-physical systems using diversity-driven approaches. He outlines challenges in verifying controllers and decision-making components in cyber-physical systems due to large input spaces and expensive model execution. Briand proposes maximizing diversity of test cases to improve fault detection. He describes using diversity of input signals, output signals, and failure patterns to generate test cases. Search algorithms are used to find test cases that maximize diversity or reveal specific failure patterns. The strategies are shown to significantly outperform coverage-based and random testing on Simulink models.
Improving Fault Localization for Simulink Models using Search-Based Testing a...
Improving Fault Localization for Simulink Models using Search-Based Testing a...Lionel Briand This document summarizes an approach to improve fault localization for Simulink models using search-based testing and prediction models. The approach generates a small set of additional test cases to diversify an existing test suite using different test objectives. Predictor models are used to determine when adding more test cases is unlikely to improve fault localization rankings, allowing test generation to stop. An evaluation on 60 faulty industrial Simulink models found the approach significantly improved fault localization accuracy while reducing the number of new test cases generated by over half compared to generating test cases without the predictor models.
AN EMPIRICAL STUDY ON THE POTENTIAL USEFULNESS OF DOMAIN MODELS FOR COMPLETEN...
AN EMPIRICAL STUDY ON THE POTENTIAL USEFULNESS OF DOMAIN MODELS FOR COMPLETEN...Lionel Briand The study empirically examined the potential usefulness of domain models for detecting incompleteness in natural language requirements (RQ1). Domain models were found to provide useful hints towards requirements omissions, with higher sensitivity to unspecified versus underspecified requirements. Additionally, the sensitivity of domain models in detecting omissions varied based on the intrinsic properties of requirements documents, such as the frequency of key phrases (RQ2). Specifically, key phrases in requirements provided an accurate way to predict domain model sensitivity to omissions without full analysis. Therefore, domain models show promise as an external source for requirements completeness checking.
OCLR: A More Expressive, Pattern-Based Temporal Extension of OCL
OCLR: A More Expressive, Pattern-Based Temporal Extension of OCLLionel Briand This document introduces OCLR, a temporal extension of the Object Constraint Language (OCL) for expressing temporal properties. It discusses limitations of existing temporal logics and extensions of OCL for expressing temporal properties. It then presents the grammar and key features of OCLR, including support for Dwyer's pattern system of temporal property patterns (e.g. universality, existence, absence, response, precedence patterns) and precise specification of event scopes and distances between events. OCLR aims to provide a more expressive and pattern-based way to specify temporal properties within the model-driven engineering approach compared to existing temporal extensions of OCL.
STAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash ReproductionSung Kim This document summarizes Ning Chen's PhD thesis defense on STAR, a stack trace based automatic crash reproduction framework. The outline includes motivation and related work, approaches of STAR including crash precondition computation and input model generation, evaluation study, challenges and future work, and contributions. STAR aims to efficiently reproduce crashes using only stack traces by performing backward symbolic execution to optimize crash precondition computation and address object creation challenges in reproducing object-oriented crashes.
HITECS: A UML Profile and Analysis Framework for Hardware-in-the-Loop Testing...
HITECS: A UML Profile and Analysis Framework for Hardware-in-the-Loop Testing...Lionel Briand This document describes HITECS, a UML profile and analysis framework for specifying and analyzing hardware-in-the-loop (HiL) test cases for cyber-physical systems. HITECS addresses challenges with HiL testing such as risks of hardware damage, time budget constraints, and environmental uncertainties. It provides a modeling language to specify test platforms, behaviors, analyses, and schedules. HITECS also supports model checking of test case assertions and simulation of test execution times to help evaluate test cases prior to execution. An empirical evaluation on a satellite testing case study found that HITECS helps engineers define effective assertions, verify test cases efficiently, and accurately estimate execution times.
Test Case Prioritization for Acceptance Testing of Cyber Physical Systems
Test Case Prioritization for Acceptance Testing of Cyber Physical SystemsLionel Briand 1) The document describes a multi-objective search-based approach for minimizing and prioritizing acceptance test cases for cyber physical systems to address challenges like time overhead, uncertainties in execution time, and risks of hardware damage.
2) The approach models acceptance tests, minimizes test cases by removing redundant operations, and prioritizes test cases using Monte Carlo simulation to estimate execution times while optimizing for criticality and risk.
3) An empirical evaluation on an industrial case study of in-orbit satellite testing shows the approach generates test suites that cover more test cases and have lower hardware risk within time budgets compared to manually created test suites.
Automated and Scalable Solutions for Software Testing: The Essential Role of ...
Automated and Scalable Solutions for Software Testing: The Essential Role of ...Lionel Briand 1) Modeling plays an essential role in enabling automated and scalable software testing solutions across many industrial domains like automotive, aerospace, and healthcare.
2) Models of requirements, system architecture, and environment behavior can be used to guide test generation, derive oracles, and enable early system testing through simulation.
3) Effective test automation solutions combine models with techniques like optimization, constraint solving, and natural language processing to address challenges of scalability, oracle generation, and exploring large test input spaces.
SSBSE 2020 keynote
SSBSE 2020 keynoteShiva Nejati This document discusses search-based testing and its applications in software testing. It outlines some key strengths of search-based software testing (SBST) such as being scalable, parallelizable, versatile, and flexible. It also discusses some limitations of search-based approaches for problems that require formal verification to establish properties for all possible usages. The document compares classical optimization approaches, which build solutions incrementally, to stochastic optimization approaches used in SBST, which sample solutions in a randomized way. It notes that while testing can find bugs, it cannot prove their absence. Finally, it discusses how SBST can be combined with other techniques like constraint solving and machine learning.
Scalable and Cost-Effective Model-Based Software Verification and Testing
Scalable and Cost-Effective Model-Based Software Verification and TestingLionel Briand This document describes research on using model-based techniques to generate stress test cases for embedded software. A constraint programming approach is used to model the software system, hardware platform, and performance requirements. The model includes properties of threads, activities, and the scheduling policy. The approach searches for values of tunable parameters, such as delays, that maximize CPU usage while satisfying constraints, in order to evaluate the system under worst-case conditions and help verify that it meets safety standards. The generated test cases effectively stress the system by selecting parameter values that guide the execution towards maximum resource consumption.
Research-Based Innovation with Industry: Project Experience and Lessons Learned
Research-Based Innovation with Industry: Project Experience and Lessons LearnedLionel Briand The document discusses lessons learned from research projects conducted in collaboration with industry partners, focusing on defining problems, understanding context factors, developing domain models, and verifying requirements. It provides examples of projects in various domains like subsea systems, automotive, and satellite systems. The goal is to share success criteria and practical guidelines for performing industry-relevant engineering research.
Software Defect Prediction
on Unlabeled Datasets
Software Defect Prediction
on Unlabeled DatasetsSung Kim The document describes techniques for software defect prediction when labeled training data is unavailable. It proposes Transfer Defect Learning (TCA+) to improve cross-project defect prediction by normalizing data distributions between source and target projects. For projects with heterogeneous metrics, it introduces Heterogeneous Defect Prediction (HDP) which matches similar metrics between source and target to build cross-project prediction models. It also discusses CLAMI for defect prediction using only unlabeled data without human effort. The techniques are evaluated on open source projects to demonstrate their effectiveness compared to traditional cross-project and within-project prediction.
Requirements in Cyber-Physical Systems: Specifications and Applications
Requirements in Cyber-Physical Systems: Specifications and ApplicationsLionel Briand This document discusses requirements engineering challenges for cyber-physical systems (CPS) and provides examples of applications. It presents research on specifying and verifying requirements for CPS through signal-based temporal properties (SBTPs). Formal languages like STL, STL*, and SFO are assessed for expressing SBTPs. Applications discussed include generating test oracles for automotive controllers, developing a taxonomy and formal specification framework for SBTPs, generating online test oracles using a restricted first-order logic, and developing a domain-specific language called SB-TemPsy-DSL for specifying SBTPs to enable trace checking of system requirements.
CrashLocator: Locating Crashing Faults Based on Crash Stacks (ISSTA 2014)
CrashLocator: Locating Crashing Faults Based on Crash Stacks (ISSTA 2014)Sung Kim CrashLocator is a technique that locates crashing faults based solely on crash stack traces, without needing test cases or instrumentation. It approximates failing traces from crash stacks using static analysis techniques like control flow analysis and backward slicing. It then ranks suspicious functions based on characteristics of faulty functions, such as frequency in crash traces and distance from crash point. An evaluation on Mozilla projects found CrashLocator could locate over 50% of faults in the top result and over 63% in the top 5 results, outperforming conventional stack-only methods.
TMPA-2017: 5W+1H Static Analysis Report Quality Measure
TMPA-2017: 5W+1H Static Analysis Report Quality MeasureIosif Itkin The document presents a static analysis report quality evaluation methodology using a 5W+1H framework, adapting the traditional questions of what, when, where, who, why, and how to fix. It highlights various metrics for assessing static analysis messages and notes the need for evaluating reports based on informational quality, utility support, and error class identification. Additionally, the authors tested several static analysis tools against their methodology, analyzing the informativeness and accuracy of the reports produced.
Dynamic Adaptation of Software-defined Networks for IoT Systems: A Search-bas...
Dynamic Adaptation of Software-defined Networks for IoT Systems: A Search-bas...Lionel Briand This document presents an approach called DICES for dynamically adapting software-defined networks to control congestion in IoT systems like an emergency management system. DICES uses SDN to monitor network traffic, analyzes congestion using a threshold, computes optimal traffic flow reconfigurations using a multi-objective search algorithm to minimize utilization, cost and delay, and applies the reconfiguration through SDN. An evaluation on an emergency management system case study shows DICES significantly outperforms baseline algorithms by transmitting data at least 3 times faster and reducing data loss by at least 70%.
Comparing Offline and Online Testing of Deep Neural Networks: An Autonomous C...
Comparing Offline and Online Testing of Deep Neural Networks: An Autonomous C...Lionel Briand This document summarizes a study comparing offline and online testing of deep neural networks (DNNs) used for autonomous driving. The study found that simulator-generated data can be reliably used as a substitute for real-world data when testing DNNs offline. When comparing offline and online test results, the study found that offline testing is more optimistic and misses many safety violations detected through online testing. The study concludes that online testing is preferable to offline testing for ensuring the safety of DNNs used in autonomous driving systems.
Model-driven trace diagnostics for pattern-based temporal specifications
Model-driven trace diagnostics for pattern-based temporal specificationsLionel Briand This document discusses model-driven trace diagnostics for pattern-based temporal specifications. It presents TemPsy-Check, a tool for model-driven trace checking of properties expressed in TemPsy, a pattern-based temporal specification language. TemPsy-Check yields boolean verdicts but provides no information on why a property fails. The document proposes a three-part approach to trace diagnostics: 1) characterizing property violations, 2) collecting diagnostics information using OCL queries on a trace meta-model, and 3) visualizing diagnostics information. It evaluates TemPsy-Report, a tool implementing this approach, and examines its scalability.
Heterogeneous Defect Prediction (
ESEC/FSE 2015)
Heterogeneous Defect Prediction (
ESEC/FSE 2015)Sung Kim This document describes a technique called Heterogeneous Defect Prediction (HDP) that aims to perform cross-project defect prediction even when the source and target projects have different sets of metrics (i.e. heterogeneous metrics). HDP first selects informative metrics from the source and target projects, then matches metrics between the projects that have similar distributions. It uses the matched metrics to build a prediction model on the source project and apply it to the target project. The technique is evaluated on multiple public defect datasets and is shown to outperform whole-project defect prediction and other cross-project defect prediction baselines in most cases, demonstrating the potential of HDP to reuse existing defect data more widely.
Dissertation Defense
Dissertation DefenseSung Kim The document summarizes a dissertation defense about adaptive bug prediction by analyzing project history. It discusses the motivation for leveraging project history and software configuration management data for bug prediction. It also describes creating a corpus by identifying bug-fix changes and bug-introducing changes from commits. The dissertation proposes using a "bug cache" to predict likely locations of future bugs based on past bug occurrences.
A Machine-Learning Approach for Demarcating Requirements in Textual Specifica...
A Machine-Learning Approach for Demarcating Requirements in Textual Specifica...Lionel Briand The document discusses demarcating requirements in textual specifications using a machine learning approach. It provides context on why demarcating requirements is important for contractual obligations and quality assurance. It also briefly summarizes related work using machine learning for requirements demarcation in automotive and railway domains. The approach uses natural language processing and machine learning to classify requirement candidates in a requirements specification document.
Enabling Model Testing of Cyber Physical Systems
Enabling Model Testing of Cyber Physical SystemsLionel Briand This document proposes a methodology for model testing of cyber-physical systems (CPSs) using SysML and Simulink models. It presents a case study of modeling an attitude determination and control system. Key points:
- A modeling methodology is introduced to specify testable CPS models in SysML and integrate them with Simulink models. This allows for co-simulation of software and functional models.
- An execution framework is developed to efficiently co-simulate SysML and Simulink models without user intervention, while generating traces for test evaluation.
- An evaluation on the case study shows the approach enables overnight model testing of realistic CPS models. However, integrating Simulink models and specifying software
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...Lionel Briand The document summarizes research into vulnerabilities in XML parsers related to billion laughs (BIL) denial of service attacks and XML external entity (XXE) attacks. The research assessed 13 XML parsers and 8 open source systems that use XML parsers. It found that over half of the parsers tested were vulnerable to BIL and XXE attacks. It also found that all of the open source systems tested were vulnerable because they used vulnerable parsers without applying any mitigation techniques. The research concludes that BIL and XXE attacks remain successful against many modern XML parsers and systems that use them. It recommends that software developers configure parsers securely and limit vulnerable features, and that parser developers improve security in their default configurations.
Learning Pulse - paper presentation at LAK17
Learning Pulse - paper presentation at LAK17Daniele Di Mitri This document presents research on using machine learning to predict student performance in self-regulated learning from multimodal data sources. The researchers collected data from 9 PhD students over 3 weeks using sensors, self-reports, and context data. They developed an architecture to store and analyze the data, addressing challenges in feature extraction, sparsity, and inter-subject variability. Linear mixed models were able to incorporate individual differences but yielded low prediction accuracy. Opportunities exist to provide real-time feedback visualizations to students.
Modernismo americano.
Modernismo americano. valeriarahal El documento resume los principales elementos de un edificio moderno como cimientos, estructura, materiales como hormigón y acero, y detalles sobre edificios de varias plantas. Describe los muros exteriores, cubiertas, transporte vertical y presenta la Catedral de Brasilia como ejemplo de edificio moderno con estructura de hormigón y acero.
More Related Content
What's hot (20)
OCLR: A More Expressive, Pattern-Based Temporal Extension of OCL
OCLR: A More Expressive, Pattern-Based Temporal Extension of OCLLionel Briand This document introduces OCLR, a temporal extension of the Object Constraint Language (OCL) for expressing temporal properties. It discusses limitations of existing temporal logics and extensions of OCL for expressing temporal properties. It then presents the grammar and key features of OCLR, including support for Dwyer's pattern system of temporal property patterns (e.g. universality, existence, absence, response, precedence patterns) and precise specification of event scopes and distances between events. OCLR aims to provide a more expressive and pattern-based way to specify temporal properties within the model-driven engineering approach compared to existing temporal extensions of OCL.
STAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash ReproductionSung Kim This document summarizes Ning Chen's PhD thesis defense on STAR, a stack trace based automatic crash reproduction framework. The outline includes motivation and related work, approaches of STAR including crash precondition computation and input model generation, evaluation study, challenges and future work, and contributions. STAR aims to efficiently reproduce crashes using only stack traces by performing backward symbolic execution to optimize crash precondition computation and address object creation challenges in reproducing object-oriented crashes.
HITECS: A UML Profile and Analysis Framework for Hardware-in-the-Loop Testing...
HITECS: A UML Profile and Analysis Framework for Hardware-in-the-Loop Testing...Lionel Briand This document describes HITECS, a UML profile and analysis framework for specifying and analyzing hardware-in-the-loop (HiL) test cases for cyber-physical systems. HITECS addresses challenges with HiL testing such as risks of hardware damage, time budget constraints, and environmental uncertainties. It provides a modeling language to specify test platforms, behaviors, analyses, and schedules. HITECS also supports model checking of test case assertions and simulation of test execution times to help evaluate test cases prior to execution. An empirical evaluation on a satellite testing case study found that HITECS helps engineers define effective assertions, verify test cases efficiently, and accurately estimate execution times.
Test Case Prioritization for Acceptance Testing of Cyber Physical Systems
Test Case Prioritization for Acceptance Testing of Cyber Physical SystemsLionel Briand 1) The document describes a multi-objective search-based approach for minimizing and prioritizing acceptance test cases for cyber physical systems to address challenges like time overhead, uncertainties in execution time, and risks of hardware damage.
2) The approach models acceptance tests, minimizes test cases by removing redundant operations, and prioritizes test cases using Monte Carlo simulation to estimate execution times while optimizing for criticality and risk.
3) An empirical evaluation on an industrial case study of in-orbit satellite testing shows the approach generates test suites that cover more test cases and have lower hardware risk within time budgets compared to manually created test suites.
Automated and Scalable Solutions for Software Testing: The Essential Role of ...
Automated and Scalable Solutions for Software Testing: The Essential Role of ...Lionel Briand 1) Modeling plays an essential role in enabling automated and scalable software testing solutions across many industrial domains like automotive, aerospace, and healthcare.
2) Models of requirements, system architecture, and environment behavior can be used to guide test generation, derive oracles, and enable early system testing through simulation.
3) Effective test automation solutions combine models with techniques like optimization, constraint solving, and natural language processing to address challenges of scalability, oracle generation, and exploring large test input spaces.
SSBSE 2020 keynote
SSBSE 2020 keynoteShiva Nejati This document discusses search-based testing and its applications in software testing. It outlines some key strengths of search-based software testing (SBST) such as being scalable, parallelizable, versatile, and flexible. It also discusses some limitations of search-based approaches for problems that require formal verification to establish properties for all possible usages. The document compares classical optimization approaches, which build solutions incrementally, to stochastic optimization approaches used in SBST, which sample solutions in a randomized way. It notes that while testing can find bugs, it cannot prove their absence. Finally, it discusses how SBST can be combined with other techniques like constraint solving and machine learning.
Scalable and Cost-Effective Model-Based Software Verification and Testing
Scalable and Cost-Effective Model-Based Software Verification and TestingLionel Briand This document describes research on using model-based techniques to generate stress test cases for embedded software. A constraint programming approach is used to model the software system, hardware platform, and performance requirements. The model includes properties of threads, activities, and the scheduling policy. The approach searches for values of tunable parameters, such as delays, that maximize CPU usage while satisfying constraints, in order to evaluate the system under worst-case conditions and help verify that it meets safety standards. The generated test cases effectively stress the system by selecting parameter values that guide the execution towards maximum resource consumption.
Research-Based Innovation with Industry: Project Experience and Lessons Learned
Research-Based Innovation with Industry: Project Experience and Lessons LearnedLionel Briand The document discusses lessons learned from research projects conducted in collaboration with industry partners, focusing on defining problems, understanding context factors, developing domain models, and verifying requirements. It provides examples of projects in various domains like subsea systems, automotive, and satellite systems. The goal is to share success criteria and practical guidelines for performing industry-relevant engineering research.
Software Defect Prediction
on Unlabeled Datasets
Software Defect Prediction
on Unlabeled DatasetsSung Kim The document describes techniques for software defect prediction when labeled training data is unavailable. It proposes Transfer Defect Learning (TCA+) to improve cross-project defect prediction by normalizing data distributions between source and target projects. For projects with heterogeneous metrics, it introduces Heterogeneous Defect Prediction (HDP) which matches similar metrics between source and target to build cross-project prediction models. It also discusses CLAMI for defect prediction using only unlabeled data without human effort. The techniques are evaluated on open source projects to demonstrate their effectiveness compared to traditional cross-project and within-project prediction.
Requirements in Cyber-Physical Systems: Specifications and Applications
Requirements in Cyber-Physical Systems: Specifications and ApplicationsLionel Briand This document discusses requirements engineering challenges for cyber-physical systems (CPS) and provides examples of applications. It presents research on specifying and verifying requirements for CPS through signal-based temporal properties (SBTPs). Formal languages like STL, STL*, and SFO are assessed for expressing SBTPs. Applications discussed include generating test oracles for automotive controllers, developing a taxonomy and formal specification framework for SBTPs, generating online test oracles using a restricted first-order logic, and developing a domain-specific language called SB-TemPsy-DSL for specifying SBTPs to enable trace checking of system requirements.
CrashLocator: Locating Crashing Faults Based on Crash Stacks (ISSTA 2014)
CrashLocator: Locating Crashing Faults Based on Crash Stacks (ISSTA 2014)Sung Kim CrashLocator is a technique that locates crashing faults based solely on crash stack traces, without needing test cases or instrumentation. It approximates failing traces from crash stacks using static analysis techniques like control flow analysis and backward slicing. It then ranks suspicious functions based on characteristics of faulty functions, such as frequency in crash traces and distance from crash point. An evaluation on Mozilla projects found CrashLocator could locate over 50% of faults in the top result and over 63% in the top 5 results, outperforming conventional stack-only methods.
TMPA-2017: 5W+1H Static Analysis Report Quality Measure
TMPA-2017: 5W+1H Static Analysis Report Quality MeasureIosif Itkin The document presents a static analysis report quality evaluation methodology using a 5W+1H framework, adapting the traditional questions of what, when, where, who, why, and how to fix. It highlights various metrics for assessing static analysis messages and notes the need for evaluating reports based on informational quality, utility support, and error class identification. Additionally, the authors tested several static analysis tools against their methodology, analyzing the informativeness and accuracy of the reports produced.
Dynamic Adaptation of Software-defined Networks for IoT Systems: A Search-bas...
Dynamic Adaptation of Software-defined Networks for IoT Systems: A Search-bas...Lionel Briand This document presents an approach called DICES for dynamically adapting software-defined networks to control congestion in IoT systems like an emergency management system. DICES uses SDN to monitor network traffic, analyzes congestion using a threshold, computes optimal traffic flow reconfigurations using a multi-objective search algorithm to minimize utilization, cost and delay, and applies the reconfiguration through SDN. An evaluation on an emergency management system case study shows DICES significantly outperforms baseline algorithms by transmitting data at least 3 times faster and reducing data loss by at least 70%.
Comparing Offline and Online Testing of Deep Neural Networks: An Autonomous C...
Comparing Offline and Online Testing of Deep Neural Networks: An Autonomous C...Lionel Briand This document summarizes a study comparing offline and online testing of deep neural networks (DNNs) used for autonomous driving. The study found that simulator-generated data can be reliably used as a substitute for real-world data when testing DNNs offline. When comparing offline and online test results, the study found that offline testing is more optimistic and misses many safety violations detected through online testing. The study concludes that online testing is preferable to offline testing for ensuring the safety of DNNs used in autonomous driving systems.
Model-driven trace diagnostics for pattern-based temporal specifications
Model-driven trace diagnostics for pattern-based temporal specificationsLionel Briand This document discusses model-driven trace diagnostics for pattern-based temporal specifications. It presents TemPsy-Check, a tool for model-driven trace checking of properties expressed in TemPsy, a pattern-based temporal specification language. TemPsy-Check yields boolean verdicts but provides no information on why a property fails. The document proposes a three-part approach to trace diagnostics: 1) characterizing property violations, 2) collecting diagnostics information using OCL queries on a trace meta-model, and 3) visualizing diagnostics information. It evaluates TemPsy-Report, a tool implementing this approach, and examines its scalability.
Heterogeneous Defect Prediction (
ESEC/FSE 2015)
Heterogeneous Defect Prediction (
ESEC/FSE 2015)Sung Kim This document describes a technique called Heterogeneous Defect Prediction (HDP) that aims to perform cross-project defect prediction even when the source and target projects have different sets of metrics (i.e. heterogeneous metrics). HDP first selects informative metrics from the source and target projects, then matches metrics between the projects that have similar distributions. It uses the matched metrics to build a prediction model on the source project and apply it to the target project. The technique is evaluated on multiple public defect datasets and is shown to outperform whole-project defect prediction and other cross-project defect prediction baselines in most cases, demonstrating the potential of HDP to reuse existing defect data more widely.
Dissertation Defense
Dissertation DefenseSung Kim The document summarizes a dissertation defense about adaptive bug prediction by analyzing project history. It discusses the motivation for leveraging project history and software configuration management data for bug prediction. It also describes creating a corpus by identifying bug-fix changes and bug-introducing changes from commits. The dissertation proposes using a "bug cache" to predict likely locations of future bugs based on past bug occurrences.
A Machine-Learning Approach for Demarcating Requirements in Textual Specifica...
A Machine-Learning Approach for Demarcating Requirements in Textual Specifica...Lionel Briand The document discusses demarcating requirements in textual specifications using a machine learning approach. It provides context on why demarcating requirements is important for contractual obligations and quality assurance. It also briefly summarizes related work using machine learning for requirements demarcation in automotive and railway domains. The approach uses natural language processing and machine learning to classify requirement candidates in a requirements specification document.
Enabling Model Testing of Cyber Physical Systems
Enabling Model Testing of Cyber Physical SystemsLionel Briand This document proposes a methodology for model testing of cyber-physical systems (CPSs) using SysML and Simulink models. It presents a case study of modeling an attitude determination and control system. Key points:
- A modeling methodology is introduced to specify testable CPS models in SysML and integrate them with Simulink models. This allows for co-simulation of software and functional models.
- An execution framework is developed to efficiently co-simulate SysML and Simulink models without user intervention, while generating traces for test evaluation.
- An evaluation on the case study shows the approach enables overnight model testing of realistic CPS models. However, integrating Simulink models and specifying software
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...Lionel Briand The document summarizes research into vulnerabilities in XML parsers related to billion laughs (BIL) denial of service attacks and XML external entity (XXE) attacks. The research assessed 13 XML parsers and 8 open source systems that use XML parsers. It found that over half of the parsers tested were vulnerable to BIL and XXE attacks. It also found that all of the open source systems tested were vulnerable because they used vulnerable parsers without applying any mitigation techniques. The research concludes that BIL and XXE attacks remain successful against many modern XML parsers and systems that use them. It recommends that software developers configure parsers securely and limit vulnerable features, and that parser developers improve security in their default configurations.
Viewers also liked (13)
Learning Pulse - paper presentation at LAK17
Learning Pulse - paper presentation at LAK17Daniele Di Mitri This document presents research on using machine learning to predict student performance in self-regulated learning from multimodal data sources. The researchers collected data from 9 PhD students over 3 weeks using sensors, self-reports, and context data. They developed an architecture to store and analyze the data, addressing challenges in feature extraction, sparsity, and inter-subject variability. Linear mixed models were able to incorporate individual differences but yielded low prediction accuracy. Opportunities exist to provide real-time feedback visualizations to students.
Modernismo americano.
Modernismo americano. valeriarahal El documento resume los principales elementos de un edificio moderno como cimientos, estructura, materiales como hormigón y acero, y detalles sobre edificios de varias plantas. Describe los muros exteriores, cubiertas, transporte vertical y presenta la Catedral de Brasilia como ejemplo de edificio moderno con estructura de hormigón y acero.
Actividad 11 de yamileth lópez requena
Actividad 11 de yamileth lópez requenaYamileth López Requena La lista incluye los nombres de 10 personas que fueron importantes para la generación del autor entre 2014 y 2017. La madrina de generación ofreció palabras de aliento sobre seguir adelante y encontrar nuevas alegrías a través del esfuerzo. Cinco maestros se destacaron por su enseñanza a la generación del autor.
Departamento de producción
Departamento de producciónMonserrat Correa El documento resume la historia, misión, visión y valores de Estrella Blanca, una empresa de transporte mexicana. Se fundó en 1949 y ha crecido a través de asociaciones con otras líneas de transporte. Su misión es brindar experiencias positivas a través de sus proyectos y servicios. Su visión es ser una empresa rentable y eficiente donde las personas marcan la diferencia. Sus valores incluyen brindar un excelente servicio al cliente, trabajar en equipo y trabajar con pasión para alcanzar nuevos objetivos.
Presentation on healthy relationships
Presentation on healthy relationshipscorrieperdok 1. The document discusses healthy relationships and defines key aspects like rapport, respect, trust, common interests, commitment, and compromise that build strong relationships.
2. It also outlines different types of relationships like family, friendships, casual, and romantic relationships.
3. Bullying is discussed where it is defined as being repeatedly picked on through physical, verbal, social/emotional, or cyber means by someone with more power. The effects of bullying on victims and tips to help stop bullying are provided.
Contenido1
Contenido1mnunezg Este documento presenta un programa de educación financiera que enseña cómo llegar a fin de mes a través de la elaboración y seguimiento de un presupuesto. El programa ofrece consejos sobre cómo identificar ingresos y gastos, ajustar los gastos a los ingresos, revisar periódicamente el presupuesto, crear un fondo de emergencia, y evitar deudas excesivas.
Universidad politecnica
Universidad politecnicaPeglys Lopez Este examen de ética y deontología contiene 5 preguntas. La primera pregunta define ética como la orientación que nos ayuda a vivir de manera armónica basada en enseñanzas de experiencias pasadas, y define deontología como la ciencia de los deberes y la forma de comportarse como profesionales. La segunda pregunta indica que los valores benefician a todos al promover la libertad y guiar acciones individuales. La tercera pregunta enumera tres principios éticos: autonomía, beneficencia y justicia. La cuarta pregunta explic
Leccion 5.2 sigh 2017
Leccion 5.2 sigh 2017Sergio Sanchez El SIGH ofrece la automatización integral de procesos hospitalarios a través de módulos que gestionan áreas como atención médica, laboratorio, imagenología, hospitalización y más. Los módulos permiten llevar un registro completo de pacientes, citas, diagnósticos, estudios y más, brindando información integral para la toma de decisiones. El SIGH puede adaptarse a diferentes tipos de instituciones médicas.
Leccion 5.3 qsoft 2017
Leccion 5.3 qsoft 2017Sergio Sanchez SALUS es un software integral desarrollado por QSOFT para la gestión de hospitales, clínicas y centros médicos. Permite la gestión de todas las áreas como admisiones, citas, historia clínica, quirófanos, almacén y facturación de forma integrada. El software lleva usándose desde 1995 y actualmente lo usan más de 5.000 clientes en España y otros 26 países.
Leccion 5.1 tesis his 2017
Leccion 5.1 tesis his 2017Sergio Sanchez TESIS HIS es un software integrado para la gestión de hospitales y clínicas que consta de múltiples módulos. Permite optimizar procesos como admisiones, urgencias, consultas externas, quirófanos y facturación. Su implementación mejora la eficiencia operativa y la calidad asistencial al racionalizar los flujos de trabajo y centralizar la información del paciente.
Descascarillado
DescascarilladoMartín Vinces Alava El documento describe el proceso de descascarillado de cereales, que implica la eliminación de la cascarilla de las semillas mediante diferentes métodos, incluyendo centrifugado y fricción. También se detallan las máquinas utilizadas en el proceso, como descascaradoras centrífugas y rectificadoras, que optimizan el rendimiento y minimizan roturas en los granos. Además, se analizan las etapas de separación y pulido de los cereales para obtener un producto final de alta calidad.
Wheelster hoverboard riding techniques
Wheelster hoverboard riding techniquesWheelster Inc. While riding your wheelster hoverboard, you just need to have a straight posture. Always Wear a Helmet. Adjust your wheelster hoverboard correctly and enjoy your ride.
Ad
Similar to A Search-based Testing Approach for XML Injection Vulnerabilities in Web Applications (20)
Automated Vulnerability Testing Using Machine Learning and Metaheuristic Search
Automated Vulnerability Testing Using Machine Learning and Metaheuristic SearchLionel Briand The document discusses automated vulnerability testing of web applications using machine learning and metaheuristic search. It discusses three key areas:
1. Testing front-end web applications for XML injection vulnerabilities by automatically generating malicious XML messages and using search-based techniques to find input strings that allow the generation of these messages.
2. Testing web application firewalls (WAFs) using machine learning to learn attack patterns from successful and blocked attacks to generate new attacks, and a multi-objective genetic algorithm to automatically repair vulnerable WAF rule sets.
3. Using machine learning to detect malicious SQL statements at the database level by training on legitimate and attack SQL logs and classifying new statements as legitimate or attacks.
Automated and Effective Testing of Web Services for XML Injection Attacks
Automated and Effective Testing of Web Services for XML Injection AttacksLionel Briand The document describes an automated approach and tool called SOLMI for testing web services against XML injection attacks. SOLMI generates valid but malicious XML messages to test services. It uses a taxonomy of 4 XML injection attack types and corresponding mutation operators. The approach extracts schema constraints and uses a constraint solver to generate payload satisfying constraints. An evaluation on a credit card processing system found SOLMI identified vulnerabilities while avoiding false positives, and took around 50 minutes to generate tests.
Reflective and Stored XSS- Cross Site Scripting
Reflective and Stored XSS- Cross Site ScriptingInMobi Technology Cross-site scripting (XSS) attacks involve injecting malicious scripts into trusted websites, exploiting flaws in web applications that do not validate user input. There are two main types of XSS: reflected, where the code is executed immediately by the user's browser, and stored, where malicious code is saved on a server and executed when users access that page. Effective testing for XSS vulnerabilities requires both black box and gray box testing methodologies, utilizing various tools to detect and analyze potential exploits.
FORENSIC PRESTTN
FORENSIC PRESTTNRufa'i Mustapha This document discusses various types of cybercrimes and vulnerabilities such as SQL injection, cross-site scripting (XSS), and XML external entity (XXE) injection. It provides examples of how these vulnerabilities can be exploited to access unauthorized data or elevate privileges. Countermeasures are suggested such as input validation, output encoding, and using parameterized queries. Tools used in cybercrime investigations like Chat Sniper and Web-Tracer are also mentioned. Potential errors from converting data formats and sample references are included.
A Validation Model of Data Input for Web Services
A Validation Model of Data Input for Web ServicesRafael Brinhosa This document presents a Validation Model of Data Input (WSIVM) for Web Services to address security issues like SQL injection and cross-site scripting attacks. WSIVM uses an XML schema, specification and validation module to sanitize input according to the schema before it is processed. The model was implemented using Apache Tomcat, Axis2 and intercepts SOAP messages for validation. A case study testing a student registration service saw validation reduce response times by 52% and number of database insertions by 49%. The model provides a reusable mechanism for validation to enhance web service security.
Selenium Conference 2014 -- Bangalore
Selenium Conference 2014 -- BangalorePrasanna Kanagasabai The document discusses using automation to improve security testing coverage. It introduces Selenium for automating UI testing and describes how it can be used to test for common vulnerabilities like SQL injection, XSS, and command injection. The document also outlines a workflow for defining test scenarios with payloads, executing tests, and validating results. It argues that automation can help achieve more comprehensive security testing by reducing reliance on finite trained resources.
Pentester's Mindset! - Ravikumar Paghdal
Pentester's Mindset! - Ravikumar PaghdalNSConclave Ravikumar Paghdal discusses the importance of expanding the mindset of penetration testers beyond the limitations of traditional vulnerability methods, such as OWASP Top 10 and SANS Top 25. The document emphasizes that many ethical hackers focus predominantly on recognized vulnerabilities like XSS and SQL injection, leading to missed opportunities in identifying a broader range of weaknesses. Factors contributing to this mindset include outdated training practices and compromises in quality by security firms and app vendors.
Presentation by Lionel Briand
Presentation by Lionel BriandPtidej Team This document discusses techniques for testing advanced driver assistance systems (ADAS) through physics-based simulation. It faces challenges due to the large, complex, and multidimensional test input space as well as the computational expense of simulation. The document proposes using a genetic algorithm guided by decision trees to more efficiently search for critical test cases. Classification trees are built to partition the input space into homogeneous regions in order to better guide the selection and generation of test inputs toward more critical areas.
Automated Testing for SQL Injection Vulnerabilities: An Input Mutation Approach
Automated Testing for SQL Injection Vulnerabilities: An Input Mutation ApproachLionel Briand The document describes an approach called μ4SQLi for automated testing of SQL injection vulnerabilities. It uses an input mutation technique where valid test cases are manipulated to become SQL injection attacks through the application of 12 mutation operators. These operators are grouped into behavior-changing, syntax-repairing, and obfuscation categories. The approach monitors traffic between the system under test and database to detect if tests trigger vulnerabilities. The evaluation compares μ4SQLi against standard attacks on two web applications, with and without a web application firewall, to determine which technique performs better. The results show μ4SQLi generates more exploitable vulnerabilities, especially in the presence of a firewall.
Application Context and Discovering XSS without
Application Context and Discovering XSS without Todd Benson (I.T. SPECIALIST and I.T. SECURITY) This document discusses discovering and exploiting cross-site scripting (XSS) vulnerabilities without using <script> tags. It emphasizes that context is important for discovering XSS, including the area of the application, where the payload is injected, the user's role and browser, and how the vulnerability will be exploited. The document provides examples of XSS payloads that don't use <script> by injecting JavaScript into other HTML elements. It also discusses how to craft full exploits by combining XSS with other vulnerabilities like CSRF, session hijacking, and file uploads. The key to remediation is properly escaping all untrusted data based on context.
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applications
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applicationsijwscjournal The document discusses XPath injection vulnerabilities in web applications, highlighting how malicious users can exploit improper input handling to bypass authentication and access restricted data. It proposes a tool, PXPathV, that detects these vulnerabilities through runtime interception and validation of XPath expressions against a defined XML schema. The document emphasizes the importance of strong input validation and the use of parameterized XPath queries as preventive measures against such security threats.
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applications
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applicationsijwscjournal The document discusses XPath injection vulnerabilities in web applications, a type of attack that allows malicious users to exploit improper user inputs to bypass authentication and access restricted data. It proposes a method for detecting such vulnerabilities by intercepting and analyzing XPath queries generated from user inputs, using an XML schema for validation. The approach, implemented in a tool called pxpathv, aims to effectively prevent XPath injection attacks while maintaining minimal impact on system response time.
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applications
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applicationsijwscjournal The document describes an approach called PXpathV that detects XPath injection vulnerabilities in web applications. PXpathV works by intercepting XPath expressions, analyzing them to identify user input parameters, generating an XML file with the parameters, and validating the XML file against a schema to detect any injection attempts. An evaluation of PXpathV showed it increased response times but successfully identified injection vulnerabilities that would otherwise not be detected.
a
aSandeep Kumar The document provides an overview of PHP security. It discusses common threats like session hijacking, SQL injection, and cross-site scripting (XSS) attacks. It explains how each threat works and recommendations for preventing them, such as using encryption, validating all user input, and escaping special characters when outputting data. The document is intended to help PHP developers learn about key security risks and best practices.
Attacks on web services need to secure xml on web
Attacks on web services need to secure xml on webcseij The document discusses vulnerabilities in web services, primarily focusing on XML-based attacks such as XML injection, XPath injection, and Denial of Service attacks. It emphasizes the importance of input sanitization and various mitigation strategies to enhance the security of web services against these threats. The study also categorizes different types of attacks and suggests prevention techniques to safeguard against malicious activities targeting web services.
Integrated security testing public
Integrated security testing publicMorgan Roman This document discusses how to use existing integration tests to find security vulnerabilities. It begins by defining Selenium and integration testing. It then outlines how, after reviewing the presentation, one can make existing tests find security bugs without false positives through minimal changes. The presenter discusses their experience as a tester and penetration tester. They provide an example workflow for trying to find XSS vulnerabilities and how to modify tests to add payloads at different points. The document discusses how tests can be used to find issues like XSS, SQL injection, Angular injection, authorization bugs, and more. It emphasizes trying to break tests with payloads rather than expecting them to succeed.
Xss talk, attack and defense
Xss talk, attack and defensePrakashchand Suthar The document outlines a session organized by a hacking and information security group, focusing on Cross-Site Scripting (XSS) vulnerabilities. It discusses the birth of XSS, its types, and prevention mechanisms, emphasizing the risks associated with unsanitized code. Additionally, it includes hands-on activities for participants to experience XSS challenges and encourages engagement through Q&A and future meeting topics.
2 Roads to Redemption - Thoughts on XSS and SQLIA
2 Roads to Redemption - Thoughts on XSS and SQLIAguestfdcb8a This document discusses approaches to preventing SQL injection attacks (SQLIA) and cross-site scripting (XSS) vulnerabilities. It proposes using rich data types that define how data should be validated, sanitized, and serialized depending on its context and use. This could help frameworks automatically apply the proper validation and output encoding. However, such an approach needs good infrastructure support from frameworks and a comprehensive catalogue of data types to be practical. It may not be worth the effort compared to simpler approaches like those used in Django.
Hacking WebApps for fun and profit : how to approach a target?
Hacking WebApps for fun and profit : how to approach a target?Yassine Aboukir The document provides an overview of bug bounty hunting, highlighting its benefits and methodologies, as well as an introduction to essential hacking tools. It emphasizes the distinction between vulnerability assessment and penetration testing and covers various web vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. The author, a security analyst and seasoned bug bounty hunter, shares insights into effective vulnerability assessment techniques and the importance of thorough program brief readings before engaging in bug hunting.
Timing attacks have never been so practical: Advance cross site search attacks
Timing attacks have never been so practical: Advance cross site search attacksPriyanka Aash The document discusses advancements in practical timing attacks, particularly focusing on cross-site search (xs-search) attacks that exploit response inflation and browser-based vulnerabilities. It presents various methodologies for executing these attacks, including basic flows for boolean queries and second-order xs-search attacks that manipulate storage for optimal exploitation. The results demonstrate significant improvements in success rates and execution speed for extracting sensitive user information across popular web services.
Ad
More from Lionel Briand (20)
LTM: Scalable and Black-box Similarity-based Test Suite Minimization based on...
LTM: Scalable and Black-box Similarity-based Test Suite Minimization based on...Lionel Briand FSE 2025 presentation
TEASMA: A Practical Methodology for Test Adequacy Assessment of Deep Neural N...
TEASMA: A Practical Methodology for Test Adequacy Assessment of Deep Neural N...Lionel Briand FSE 2025 presentation
Automated Testing and Safety Analysis of Deep Neural Networks
Automated Testing and Safety Analysis of Deep Neural NetworksLionel Briand Keynote address at Internetware 2025, co-located with FSE 2025
FlakyFix: Using Large Language Models for Predicting Flaky Test Fix Categorie...
FlakyFix: Using Large Language Models for Predicting Flaky Test Fix Categorie...Lionel Briand Journal-first presentation at ICST 2025
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...Lionel Briand Keynote at RAISE workshop, ICSE 2025
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand The document discusses the challenges of achieving precise and complete requirements upfront in software development projects. It notes that while academics assume detailed requirements are needed, practitioners find this difficult to achieve in reality due to limited resources, uncertainty, and changing needs. The document provides perspectives from practice that emphasize starting with prototypes and visions rather than detailed specifications. It also summarizes research finding diverse requirements practices across different domains and organizations. The document concludes that while precise requirements may be desirable, they are often elusive goals, and the focus should be on achieving compliance and delivering working software.
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLionel Briand Large language models show promise for test case repair tasks. LLMs can be applied to tasks like test case generation, classification of flaky tests, and test case evolution and repair. The paper presents TaRGet, a framework that uses LLMs for automated test case repair. TaRGet takes as input a broken test case and code changes to the system under test, and outputs a repaired test case. Evaluation shows TaRGet achieves over 80% plausible repair accuracy. The paper analyzes repair characteristics, evaluates different LLM and input/output formats, and examines the impact of fine-tuning data size on performance.
Metamorphic Testing for Web System Security
Metamorphic Testing for Web System SecurityLionel Briand This document summarizes a presentation on metamorphic testing for web system security given by Nazanin Bayati on September 13, 2023. Metamorphic testing uses relations between the outputs of multiple test executions to test systems when specifying expected outputs is difficult. It was applied to web systems by generating follow-up inputs based on transformations of valid interactions and checking that output relations held. The approach detected over 60% of vulnerabilities in tested systems and addressed more vulnerability types than static and dynamic analysis tools. It provides an effective and automated way to test for security issues in web systems.
Simulator-based Explanation and Debugging of Hazard-triggering Events in DNN-...
Simulator-based Explanation and Debugging of Hazard-triggering Events in DNN-...Lionel Briand This document proposes a method called SEDE (Simulator-based Explanations for DNN Errors) to automatically generate explanations for errors in DNN-based safety-critical systems by constraining simulator parameters. SEDE first identifies clusters of error-inducing images, then uses an evolutionary algorithm to generate simulator images within each cluster, including failing, passing, and representative images. SEDE extracts rules characterizing the unsafe parameter space and uses the generated images to retrain DNNs, improving accuracy compared to alternative methods. The paper evaluates SEDE on head pose and face landmark detection DNNs in terms of generating diverse cluster images, delimiting unsafe spaces, and enhancing DNN performance.
Fuzzing for CPS Mutation Testing
Fuzzing for CPS Mutation TestingLionel Briand This document summarizes a research paper on using grey-box fuzzing (MOTIF) for mutation testing of C/C++ code in cyber-physical systems (CPS). It introduces mutation testing and grey-box fuzzing, and proposes MOTIF which generates a fuzzing driver to test functions with live mutants. An empirical evaluation compares MOTIF to symbolic execution-based mutation testing on three subject programs. MOTIF killed more mutants within 10,000 seconds and was able to test programs that symbolic execution could not handle due to limitations like floating-point values. Seed inputs alone killed few mutants, showing the importance of fuzzing. MOTIF is an effective approach for mutation testing of CPS software.
Data-driven Mutation Analysis for Cyber-Physical Systems
Data-driven Mutation Analysis for Cyber-Physical SystemsLionel Briand Data-driven mutation analysis is proposed to assess if test suites for cyber-physical systems properly exercise component interoperability. Fault models are developed for different data types and dependencies, and are used to automatically generate mutants by injecting faults. Empirical results on industrial systems demonstrate the feasibility and effectiveness of the approach in identifying test suite shortcomings and poor oracles.
Many-Objective Reinforcement Learning for Online Testing of DNN-Enabled Systems
Many-Objective Reinforcement Learning for Online Testing of DNN-Enabled SystemsLionel Briand This document proposes MORLOT (Many-Objective Reinforcement Learning for Online Testing) to address challenges in online testing of DNN-enabled systems. MORLOT leverages many-objective search and reinforcement learning to choose test actions. It was evaluated on the Transfuser autonomous driving system in the CARLA simulator using 6 safety requirements. MORLOT was significantly more effective and efficient at finding safety violations than random search or other many-objective approaches, achieving a higher average test effectiveness for any given test budget.
ATM: Black-box Test Case Minimization based on Test Code Similarity and Evolu...
ATM: Black-box Test Case Minimization based on Test Code Similarity and Evolu...Lionel Briand 1. The document presents ATM, a new approach for black-box test case minimization that transforms test code into abstract syntax trees and uses tree-based similarity measures and genetic algorithms to minimize test suites.
2. ATM was evaluated on the DEFECTS4J dataset and achieved a fault detection rate of 0.82 on average, significantly outperforming existing techniques, while requiring only practical execution times.
3. The best configuration of ATM used a genetic algorithm with a combined similarity measure, achieving a fault detection rate of 0.80 within 1.2 hours on average.
Black-box Safety Analysis and Retraining of DNNs based on Feature Extraction ...
Black-box Safety Analysis and Retraining of DNNs based on Feature Extraction ...Lionel Briand The document is a journal paper that proposes a method for black-box safety analysis and retraining of deep neural networks (DNNs) based on feature extraction and clustering of failure-inducing images. The method uses a pre-trained VGG16 model to extract features from failure images, clusters the features using DBSCAN, selects clusters that likely caused failures, and retrains the DNN to improve safety based on images in problematic clusters. An empirical evaluation on various DNNs for tasks like gaze detection showed the method effectively determined failure causes through clustering and improved models with fewer images than other approaches.
PRINS: Scalable Model Inference for Component-based System Logs
PRINS: Scalable Model Inference for Component-based System LogsLionel Briand PRINS is a technique for scalable model inference of component-based system logs. It divides the problem into inferring individual component models and then stitching them together. The paper evaluates PRINS on several systems and compares its execution time and accuracy to MINT, a state-of-the-art model inference tool. Results show that PRINS is significantly faster than MINT, especially on larger logs, with comparable accuracy. However, stitching component models can result in larger overall system models. The paper contributes an empirical evaluation of the PRINS technique and makes its implementation publicly available.
Revisiting the Notion of Diversity in Software Testing
Revisiting the Notion of Diversity in Software TestingLionel Briand The document discusses the concept of diversity in software testing. It provides examples of how diversity has been applied in various testing applications, including test case prioritization and minimization, mutation analysis, and explaining errors in deep neural networks. The key aspects of diversity discussed are the representation of test cases, measures of distance or similarity between cases, and techniques for maximizing diversity. The document emphasizes that the best approach depends on factors like information access, execution costs, and the specific application context.
Applications of Search-based Software Testing to Trustworthy Artificial Intel...
Applications of Search-based Software Testing to Trustworthy Artificial Intel...Lionel Briand This document discusses search-based approaches for testing artificial intelligence systems. It covers testing at different levels, from model-level testing of individual machine learning components to system-level testing of AI-enabled systems. At the model level, search-based techniques are used to generate test inputs that target weaknesses in deep learning models. At the system level, simulations and reinforcement learning are used to test AI components integrated into complex systems. The document outlines many open challenges in AI testing and argues that search-based approaches are well-suited to address challenges due to the complex, non-linear behaviors of AI systems.
Autonomous Systems: How to Address the Dilemma between Autonomy and Safety
Autonomous Systems: How to Address the Dilemma between Autonomy and SafetyLionel Briand Autonomous systems present safety challenges due to their complexity and use of machine learning. Two key approaches are needed to address these challenges: (1) design-time assurance cases to validate safety requirements and (2) run-time monitoring architectures to detect unsafe behavior. Automated testing techniques leveraging metaheuristics and machine learning can help provide evidence for assurance cases and learn conditions to guide run-time monitoring. However, more industrial experience is still needed to properly validate these approaches at scale for autonomous systems.
Mathematicians, Social Scientists, or Engineers? The Split Minds of Software ...
Mathematicians, Social Scientists, or Engineers? The Split Minds of Software ...Lionel Briand This document discusses the split identities of software engineering researchers between being mathematicians, social scientists, or engineers. It notes there are three main communities - formal methods and guarantees, human and social studies, and engineering automated solutions - that have different backgrounds, languages, and research methods. While diversity is good, the communities need to be better connected to work together to solve problems. The document calls for more demand-driven, collaborative research with industry to have a greater impact and produce practical solutions.
Recently uploaded (20)
Sysinfo OST to PST Converter Infographic
Sysinfo OST to PST Converter InfographicSysInfo Tools The SysInfo OST to PST Converter is the most secure software to perform the OST to PST conversion. It converts OST files into various formats, including MBOX, EML, EMLX, HTML, and CSV, with 100% accuracy. Along with that, it imports OST files into different email clients like Office 365 and G Suite.
visit: https://www.sysinfotools.com/ost-to-pst-converter.php
Top Time Tracking Solutions for Accountants
Top Time Tracking Solutions for Accountantsoliviareed320 This presentation explores the importance of time tracking for accountants and introduces modern solutions that help streamline billable hours, improve productivity, and eliminate manual tracking errors. Learn how time tracking software tailored for accounting professionals can simplify client billing, ensure compliance, and enhance profitability.
From key challenges in time management to top features to look for in a solution, this presentation offers valuable insights and practical tips for solo accountants, finance teams, and accounting firms looking to optimize their time-tracking workflows.https://www.invoicera.com/blog/invoicing/best-time-tracking-software-for-accountants/
CodeCleaner: Mitigating Data Contamination for LLM Benchmarking
CodeCleaner: Mitigating Data Contamination for LLM Benchmarkingarabelatso This is the pdf-version slides for the presentation "CodeCleaner: Mitigating Data Contamination for LLM Benchmarking" in Internetware 2025.
CodeCleaner: Mitigating Data Contamination for LLM Benchmarking
CodeCleaner: Mitigating Data Contamination for LLM Benchmarkingarabelatso The pdf-version of "CodeCleaner: Mitigating Data Contamination for LLM Benchmarking" presented in Internetware 2025.
Why Every Growing Business Needs a Staff Augmentation Company IN USA.pdf
Why Every Growing Business Needs a Staff Augmentation Company IN USA.pdfmary rojas U.S. staff augmentation companies excel at providing IT professionals with expertise in development, cybersecurity, AI, and more. Whether you need to fill a short-term gap or enhance your team’s capabilities long-term, these firms deliver pre-vetted talent tailored to your tech stack and industry. With an understanding of both global technologies and local compliance, U.S.-based IT staff augmentation bridges the gap between talent shortage and project demand efficiently.
Canva Pro Crack Free Download 2025-FREE LATEST
Canva Pro Crack Free Download 2025-FREE LATESTgrete1122g 🌍📱👉COPY & PASTE LINK >> https://click4pc.com/after-verification-click-go-to-download-page/
Canva Pro PC Crack is a practical design app to create beautiful montages and compositions with a lot of resources on the platform.
Humans vs AI Call Agents - Qcall.ai's Special Report
Humans vs AI Call Agents - Qcall.ai's Special ReportUdit Goenka Humans vs Agentic AI Cost Comparison: Cut 85% Support Costs
TL;DR: Agentic AI crushes human costs in L1/L2 support with 85% savings, 300% efficiency gains, and 90%+ success rates.
Your CFO just asked: "Why spend $2.3M annually on L1 support when competitors automated 80% for under $200K?" The humans vs agentic AI cost debate isn't theoretical - it's happening now.
Real Cost Breakdown:
- India L1/L2 Agent: ₹6,64,379 ($8,000) annually (full cost)
- US L1/L2 Agent: $70,000 annually (loaded cost)
- Qcall.ai Agentic AI: ₹6/min ($0.07/min) = 85% savings
Game-Changing Results:
- 47 human agents → 8 agents + AI system
- Operating costs: $2.8M → $420K (85% reduction)
- Customer satisfaction: 78% → 91%
- First call resolution: 72% → 94%
- Languages: 2-3 → 15+ fluently
Why Agentic AI Wins:
- Human Limitations: 8hrs/day, 1-2 languages, 30-45% attrition, mood-dependent, 6-12 weeks training
- Qcall.ai Advantages: 24/7 availability, 97% humanized voice, <60 second response, intelligent qualification, seamless handoff
Industry Impact:
- E-commerce: 82% cost reduction
- Healthcare: 90% appointment automation
- SaaS: 23% satisfaction improvement
- Financial: 95% inquiry automation
Implementation:
- Setup: 2-5 days vs 6-12 weeks hiring
- ROI: Break-even in 3 months
- Scaling: Instant global expansion
Competitive Gap:
- Early Adopters: 85% cost advantage, superior metrics, faster expansion
Late Adopters: Higher costs, limited scalability, compounding disadvantage
Similar automation patterns emerge across industries.
Marketing teams use autoposting.ai for social media automation - same human-AI collaboration model driving L1/L2 transformation.
"We reduced support costs by 78% while improving satisfaction by 31%. ROI was immediate and keeps compounding." - COO, Global SaaS Company
Getting Started:
Calculate current L1/L2 costs
Assess repetitive tasks
Request Qcall.ai demo
Plan 20% pilot
Bottom Line: Companies avoiding this shift hemorrhage millions while competitors scale globally with fraction of costs. The question isn't whether agentic AI will replace routine tasks - it's whether you'll implement before competitors gain insurmountable advantage.
Ready to transform operations? This reveals complete cost analysis, implementation strategy, and competitive advantages.
Heat Treatment Process Automation in India
Heat Treatment Process Automation in IndiaReckers Mechatronics Automate your heat treatment processes for superior precision, consistency, and cost savings. Explore solutions for furnaces, quench systems. Heat treatment is a critical manufacturing process that alters the microstructure and properties of materials, typically metals, to achieve desired characteristics such as hardness, strength, ductility, and wear resistance.
AI for PV: Development and Governance for a Regulated Industry
AI for PV: Development and Governance for a Regulated IndustryBiologit AI for pharmacovigilance: Development and Governance for a Regulated Industry.
A survey of regulatory guidance for the use of artificial intelligence in pharmacovigilance and best practices for its safe implementation with the Biologit literature platform as case study.
Enable Your Cloud Journey With Microsoft Trusted Partner | IFI Tech
Enable Your Cloud Journey With Microsoft Trusted Partner | IFI TechIFI Techsolutions Start your cloud journey with IFI Tech—Microsoft’s trusted partner delivering secure, scalable Azure solutions tailored for your business.
Introduction to Agile Frameworks for Product Managers.pdf
Introduction to Agile Frameworks for Product Managers.pdfAli Vahed As a Product Manager, having a solid understanding of Agile frameworks is essential, whether you are joining an established team or helping shape a new one.
Agile is not just a delivery method; it is a mind set that directly impacts how products are built, iterated, and brought to market. Knowing the strengths and trade-offs of each framework enables you to collaborate more effectively with teams, foster alignment, and drive meaningful outcomes.
Simply put, Agile fluency helps you lead with clarity in fast-paced, ever-changing environments.
The next few slides are simple ‘STUDY CARDS’ to help you learn or refresh your understanding of a few popular Agile frameworks.
Foundations of Marketo Engage - Programs, Campaigns & Beyond - June 2025
Foundations of Marketo Engage - Programs, Campaigns & Beyond - June 2025BradBedford3 Join us for an exciting introductory session on, Foundations of Marketo Engage: Programs, Campaigns & Beyond. Ideal for new and early-stage users looking to build confidence and capability in Marketo Engage.
Our speakers for this session will be:
AJ Navarro
Marketing Operations Manager - Sprout Social
Bobby Coppola
Marketing Manager - Blue Yonder
This event will guide you through the essential steps to build strong, scalable Programs, Channels, Tags, Smart Campaigns, and Reporting Basics in Marketo Engage.
Attendees will gain practical knowledge on how to structure and launch marketing initiatives, leverage templates for efficiency, and implement best practices for campaign execution and measurement. You'll leave with actionable insights you can immediately apply to your own Marketo instance to improve organization, automation, and reporting. Marketo Engage.
Learn how to create impactful programs and understand the best practices for seamless campaign management and effective reporting.
Don’t miss out on this opportunity to gain hands-on guidance from experienced practitioners and to connect with peers who are also new to the platform. Secure your spot today and start building your path to becoming a Marketo pro!
Please feel free to invite colleagues who you think would also benefit from this session.
Modern Platform Engineering with Choreo - The AI-Native Internal Developer Pl...
Modern Platform Engineering with Choreo - The AI-Native Internal Developer Pl...WSO2 Building and operating internal platforms has become increasingly complex — sprawling toolchains, rising costs, and fragmented developer experiences are slowing teams down. It’s time for a new approach.
This slide deck explores modern platform engineering with Choreo, WSO2’s AI-native Internal Developer Platform as a Service. Discover how you can streamline platform operations, empower your developers, and drive faster innovation — all while reducing complexity and cost.
Learn more: https://wso2.com/choreo/platform-engineering/
University Campus Navigation for All - Peak of Data & AI
University Campus Navigation for All - Peak of Data & AISafe Software Navigating around the 1000 acres of UBC Vancouver’s campus may look like a walk in a park, but when you’re a student in a wheelchair trying to find a powered door to the class you’re late for, it is not all that scenic. UBC’s GIS team will share the journey from the original 2003 static map application to the current web application built using FME and the ArcGIS JavaScript API. There were two main goals with this new application: 1. Enable the UBC community to easily interact with and navigate the campus by walking, cycling and accessible means (which include mobility constraints such as steep slopes, stairs, and doors that are not powered). 2. Provide high quality geospatial data that is authoritative and updated using FME to reflect existing conditions on campus including road, sidewalk or building closures for construction. We will cover the unique challenges in creating a navigation application which offers features that Google Maps cannot at the scale of a University campus. Door to door navigation, avoiding stairs and steep slopes, navigating to accessible entrances and up to date construction barriers are some of the features we will discuss.
Simplify Insurance Regulations with Compliance Management Software
Simplify Insurance Regulations with Compliance Management SoftwareInsurance Tech Services Streamline your compliance processes and stay up-to-date with changing regulations effortlessly. Our Compliance Management Software helps insurers reduce risk, avoid penalties, and maintain full compliance — all from a unified platform. Explore More - https://www.damcogroup.com/insurance/compliance-management-software
Download Adobe Illustrator Crack free for Windows 2025?
Download Adobe Illustrator Crack free for Windows 2025?grete1122g COPY & PASTE LINK 👉👉👉 https://click4pc.com/after-verification-click-go-to-download-page/
Adobe Illustrator CC Crack will make your illustration level upgrade by moving toward real modification purpose using adobe pro tools there ..
ERP Systems in the UAE: Driving Business Transformation with Smart Solutions
ERP Systems in the UAE: Driving Business Transformation with Smart Solutionsdheeodoo ERP solutions are driving innovative change for businesses across the UAE through improved efficiency, reduced operational costs, and provide real-time visibility of operational data. By offering native Arabic language support, VAT compliance, and some level of cloud readiness, ERP solutions also supports and are consistent with the initiative for Smart Dubai 2030. Odoo is an example of a flexible & scalable solution. If you're looking for expert support with implementation contact Banibro. www.banibro.com
Test Case Design Techniques – Practical Examples & Best Practices in Software...
Test Case Design Techniques – Practical Examples & Best Practices in Software...Muhammad Fahad Bashir This presentation was part of the SQA & PM Bootcamp, where I served as a trainer. It focuses on effective test case design techniques, blending theoretical knowledge with practical application, especially useful for manual testers and QA beginners.
Video Lecture Recording : https://www.facebook.com/share/v/1Z44DiXN5v/
What’s Covered:
🧾 Definition and Purpose of Test Case Design
🚀 Importance of Structured Test Design
🧠 Test Case Design Techniques Overview:
✅ Black Box Techniques
✅ White Box Techniques
✅ Experience-Based Techniques
📝 Manual Test Case Design in Detail
🔐 Real-World Example: Login Page Test Case
🧩 Black Box Methods Explained with Examples:
Equivalence Partitioning (EP)
Boundary Value Analysis (BVA)
Difference Between EP & BVA
📊 Decision Table Testing
💡 Experience-Based Testing: Error Guessing, Exploratory Testing
📂 White Box Techniques (Introductory Overview)
➕ Much More to Help You Build Strong Manual Testing Skills
This resource is especially helpful for students, aspiring QA professionals, and junior testers looking to master test design fundamentals with clarity and practical insight.
Digital Transformation: Automating the Placement of Medical Interns
Digital Transformation: Automating the Placement of Medical InternsSafe Software Discover how the Health Service Executive (HSE) in Ireland has leveraged FME to implement an automated solution for its “Order of Merit” process, which assigns medical interns to their preferred placements based on applications and academic performance. This presentation will showcase how FME validates applicant data, including placement preferences and academic results, ensuring both accuracy and eligibility. It will also explore how FME automates the matching process, efficiently assigning placements to interns and distributing offer letters. Beyond this, FME actively monitors responses and dynamically reallocates placements in line with the order of merit when offers are accepted or declined. The solution also features a self-service portal (FME Flow Gallery App), enabling administrators to manage the entire process seamlessly, make adjustments, generate reports, and maintain audit logs. Additionally, the system upholds strict data security and governance, utilising FME to encrypt data both at rest and in transit.
Test Case Design Techniques – Practical Examples & Best Practices in Software...
Test Case Design Techniques – Practical Examples & Best Practices in Software...Muhammad Fahad Bashir
A Search-based Testing Approach for XML Injection Vulnerabilities in Web Applications
- 1. .lusoftware verification & validation VVS A Search-based Testing Approach for XML Injection Vulnerabilities in Web Applications Sadeeq Jan, Cu D. Nguyen, Andrea Arcuri, Lionel Briand SnT, University of Luxembourg, Luxembourg ICST2017 10th IEEE International Conference on Software Testing, Verification and Validation 13-17 March 2017, Tokyo,Japan
- 3. 3 • Bypassing authentication • Privilege escalation • Information disclosure • Generating errors/system crash Impact Definition Injecting malicious content into XML files/messages to manipulate or compromise the logic of an application or service XML Injection
- 4. 4 Example: Web Application for User Registration with XML Database Create new account <user> <username>Tom</username> <password>m1U9q10</password> <role>user</role> <mail>[email protected]</mail> </user> <user> <username>admin</username> <password>s4n3p81</password> <role>Administrator</role> <mail>[email protected]</mail> </user> ….. ...... <user> <username>Tom</username> <password>m1U9q10</password> <role>user</role> <mail>[email protected]</mail> </user> XML Database
- 5. <user> <username>Tom</username> <password>m1U9q10</password> <!-- </password> <role>user</role> <mail> --> <role>Administrator</role> <mail>[email protected]</mail> </user> Web Form Generated XML Message Well-formed and valid --><role>Administrator<role><mail>[email protected] m1U9q10</password><!-- 5 XML Injection Example (Privilege Escalation) Malicious strings for SQL injection or Cross-site scripting can also be used here.
- 6. Approach 6
- 7. Testing Focus Front-end System XML I1 I2 In Generated XML Messages Back-end Systems System 1 System 2 System n 7 XML based Systems
- 8. • Is the front-end system (SUT) vulnerable to XML Injections? • Step 1: Create/obtain a set of malicious XML messages 8 How to test the front-end system? Front-end System XML I1 I2 In Generated XML Messages Back-end Systems System 1 System 2 System n
- 9. 9 An example of a malicious XML message created with SOLMI tool SOLMI Generation of Malicious XML Messages • Automatically generating malicious XML messages for different types of XML Injection • Addressed by our tool SOLMI (ISSTA'16)
- 10. 10 How to test the front-end system? • Is the front-end system (SUT) vulnerable to XML Injections? • Step 2: Search for inputs that can result in one of the malicious XML messages (TO) • If such inputs exist, the front-end system is vulnerable, i.e., testing for TO coverage Front-end System XML I1 I2 In Generated XML Messages Back-end Systems System 1 System 2 System n
- 11. SUT 11 Proposed Approach: Search-based Testing (SBT) Front-end System XML I1 I2 In Generated XML Messages Back-end Systems System 1 System 2 System n Search input space to generate malicious XML output, if possible
- 12. • Input space is very large (all possible values of I1, I2…In) • Front-end system à Black-box • Adapted when source code is not available (e.g., external penetration testing) XML I1 I2 In Front-end System Why SBT Approach for XML Injections? 12
- 13. Select * from Users where UserName = 'Mike' and Passwrd = 'abc' OR '1'='1' Unknown input-output transformations 13 Rejects inputs containing malicious characters e.g., <, Converts malicious input to valid ones e.g., delete any text between < and > Domain specific transformation e.g., JSON to XML, calculating age from DOB etc. Passwrd: abc' O<script>R <script>'1'='1 Passwrd: abc' <script…..> abc' abc' OR '1'='1 Validation Sanitisation Other transformations
- 14. SBT Approach for XML Injection 14 Test Objectives (malicious XML messages) TO1 TO2 TOn XML XML XML I1 I2 In Front-end System (SUT) XML Generated XML Messages Test Case Generator Fitness Function Genetic Algorithm String Edit Distance (Levenshtein distance)
- 15. <user> <username>Tom</username> <password>m1U9q10</password> <role>user</role> <mail>a</mail> <role>Administrator</role> <mail>[email protected]</mail> </user> Test Objective (TO) I1à username: Tom I2à password: m1U9q10 I3à Email: “role=Adm”[email protected] <user> <username>Tom</username> <password>m1U9q10</password> <role>user</role> <mail>role=Adm+ [email protected]</mail> </user> Generated XML Fitness Function (d) -Distance between the output XML message and the TO d1=20 Test Generation & Fitness Function (dt-o) Goal: Minimize d (0 is ideal) Test Case1 15 I1 I2 In Front-end System (SUT) Test Case Generator
- 16. <user> <username>Tom</username> <password>m1U9q10</password> <role>user</role> <mail>a</mail> <role>Administrator</role> <mail>[email protected]</mail> </user> Test Objective (TO) I1à username: Tom I2à password: m1U9q10 I3à Email: <role>Administrator</peho>[email protected] <user> <username>Tom</username> <password>m1U9q10</password> <role>user</role> <mail> <role>Administrator<role> <peho>[email protected] </mail> </user> Generated XML d2=10 Test Generation & Fitness Function (dt-o) Goal: Minimize d (0 is ideal) d2 < d1 (Test Case 2 is better Test Case 1) Fitness Function (d) -Distance between the output XML message and the TO 16 I1 I2 In Front-end System (SUT) Test Case Generator Test Case2
- 18. Research Questions To what extent is our search-based approach effective in detecting XMLi vulnerabilities? How does our search-based approach perform compared to random search? 18 RQ1: Effectiveness RQ2: Comparison with random search What is the cost, in terms of execution time, of applying the proposed approach? RQ3: Efficiency
- 19. Additional RQs • Impact of input validation (RQ4) • Impact of the number of input parameters (RQ5) • Impact of input alphabet size (RQ6) • Using all ASCII characters vs only those present in TOs 19
- 20. 20 • Insecure Front-end for Bank Card Processing System (SBANK) • Secure Front-end for Bank Card Processing System (SSBANK) Study 1: RQs 1 to 6 • Open Source Web App (XMLMAO) • Industrial Application (M) Study 2: RQs 1 to 3 Subjects
- 21. Summary of Results 21 Application TO Coverage (SBT) TO Coverage (Random Search) Avg. Exec time per TO (min-max) in mins SBANK (Insecure) 98/98 (100%) 0 10-31 SSBANK (Secure) 36/98 (36.73%) 0 11-25 XMLMao (open source) 24/24 (100%) 0 5-7 M (Industrial App) 1/4 (25 %) 0 32 Note: Each experiment was repeated 10 Times to account for randomness.
- 22. The proposed SBT approach is highly effective in searching for inputs to detect XML Injection vulnerabilities, when they exist. Random Search could not cover a single TO in any experiment, while the proposed approach covered all possible TOs. 22 RQ1: Effectiveness RQ2: Comparison with random search Answers to RQs The average execution time ranges from 5 to 32 minutes per TO, which is acceptable in practice. RQ3: Efficiency
- 23. Input validation adversely affects the TO coverage. 23 RQ4: Impact of input validation Answers to Additional RQs Increasing the number of input parameters makes the search harder. Using restricted alphabet makes the search easier. RQ6: Impact of input alphabet size RQ5: Impact of the number of input parameters
- 24. • A novel search-based testing approach for the detection of XML Injections • Extensive evaluation of the approach • Highly effective in searching for inputs to detect XML Injection vulnerabilities • Random search does not work at all • Generalizable to other types of attacks Conclusion 24
- 25. Summary 25