• Publications
  • Influence
Model-Based Security Testing
tl;dr
This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS. Expand
  • 68
  • 6
  • Open Access
Combining Risk Analysis and Security Testing
tl;dr
A systematic integration of risk analysis and security testing allows for optimizing the test process as well as the risk assessment itself by gaining empirical knowledge on the existence of vulnerabilities, applicability and consequences of threat scenarios and the quality of countermeasures. Expand
  • 11
  • 1
The MIDAS Cloud Platform for Testing SOA Applications
tl;dr
We present the MIDAS Testing as a Service (TaaS), a cloud platform for the testing of SOA orchestrations. Expand
  • 8
  • 1
  • Open Access
Online Model-Based Behavioral Fuzzing
tl;dr
We present an approach to make the test execution for behavioral fuzz testing more efficient by generating test cases at runtime instead of before execution, focusing on interesting regions of a message sequence based on a previously conducted risk analysis and reducing the test space by integrating already retrieved test results in the test generation process. Expand
  • 20
  • Open Access
Behavioral Fuzzing Operators for UML Sequence Diagrams
tl;dr
Model-based fuzzing complements model-based testing of functionality in order to find vulnerabilities by injecting invalid input data into the system. Expand
  • 16
Evolution of the UML Interactions Metamodel
tl;dr
We propose improvements to the UML Interactions' metamodel for Message arguments and Loop CombinedFragments that make them more versatile. Expand
  • 5
Extending the UML Testing Profile with a Fine-Grained Test Logging Model
tl;dr
This paper discusses the deficiencies of the UML Testing Profile concerning test logging and suggests an extension to the standard to capture all relevant information of a test execution run. Expand
  • 2
A Negative Input Space Complexity Metric as Selection Criterion for Fuzz Testing
tl;dr
Fuzz testing is an established technique in order to find zero-day-vulnerabilities by stimulating a system under test with invalid or unexpected input data . Expand
  • 2
Systematic Analysis of Practical Issues in Test Automation for Communication Based Systems
tl;dr
A systematic analysis of practical issues related to test automation, which were experienced in two large-scale industrial projects, with safety and security critical relevance. Expand
  • 3