Bernhard Garn and Dimitris Simos @ InSTA 2019

Bernhard Garn and Dimitris Simos from SBA’s MaTRIS research group (https://matris.sba-research.org/) join the 6th International Workshop on Software Test Architecture (http://aster.or.jp/workshops/insta2019/),  colocated with ICST 2019. 

Bernhard and Dimitris also present their paper ‘Practical Combinatorial Testing for XSS Detection using Locally Optimized Attack Models’ (Dimitris E. Simos (SBA Research), Bernhard Garn (SBA Research), Jovan Zivanovic (SBA Research) and Manuel Leithner (SBA Research)). The contributions of this paper include a new modelling scheme for test case generation of XSS attack vectors consisting of locally optimized attack models; a research prototype of an automated black-box security testing tool called XSSInjector for testing web applications for XSS vulnerabilites; and a new test oracle (included in XSSInjector) for detecting XSS during the testing process. This research lead to several real-world vulnerabilities, which were responsibly disclosed and have resulted in CVE entries.

Software test architecture includes analyses of system under test, approaches to design test cases, and notation of software testing. Designing better software test architectures is important for software testing, and the contributed paper’s notion of subgrammars conceptually fit well to topic of InSTA workshop.