Write a Blog >>
ICST 2022
Mon 4 - Fri 8 April 2022
Fri 8 Apr 2022 14:20 - 14:40 at Marlyn Meltzer - NEXTA II Chair(s): Michael Felderer

Synthetic static code analysis test suites are important to test the basic functionality of tools. We present a framework that uses different source code patterns to generate Cross Site Scripting and SQL injection test cases. A decision tree is used to determine if the test cases are vulnerable. The test cases are split into two test suites. The first test suite contains 258,432 test cases that have influence on the decision trees. The second test suite contains 20 vulnerable test cases with different data flow patterns. The test cases are scanned with two commercial static code analysis tools to show that they can be used to benchmark and identify problems of static code analysis tools. Expert interviews confirm that the decision tree is a solid way to determine the vulnerable test cases and that the test suites are relevant.

Fri 8 Apr

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

14:20 - 15:00
NEXTA IINEXTA at Marlyn Meltzer
Chair(s): Michael Felderer University of Innsbruck
Generation of PHP vulnerability test cases for XSS and SQLi
Felix Schuckert HTWG Konstanz / NTNU Gjøvik, Basel Katt , Hanno Langweg
Choosing a Test Automation Framework for Programmable Logic Controllers in CODESYS Development Environment
Mikael Ebrahimi Salari Mälardalen University, Eduard Paul Enoiu Mälardalen University, Wasif Afzal , Cristina Seceleanu Mälardalen University
Media Attached