Enterprise applications are a major success domain of Java, and Java is the default setting
for much modern static analysis research. It would stand to reason that high-quality static …

Defect-Based Testing Page 1 Defect-Based Testing Alexander Pretschner Department of
Informatics, Technische Universität München, Germany Abstract. What is a good test case …

Web sessions are fragile and can be attacked at many different levels. Classic attacks like
session hijacking, session fixation and cross-site request forgery are particularly dangerous …

This article introduces a new method for knowledge-based security testing by logic
programming and the related tool implementation for model-based non-functional security …

Web applications have become one of the preferred means for users to perform a number of
crucial and security‐sensitive operations such as selling and buying goods or managing …

Abstract Cross-Site Request Forgery (CSRF) is listed in the top ten list of the Open Web
Application Security Project (OWASP) as one of the most critical threats to web security. A …

We describe the SPaCIoS project, illustrating its main objectives, the results obtained so far
and those that we expect to achieve, in particular, the development of the SPaCIoS Tool, an …

On a regular basis, we learn about well-known online services that have been misused or
compromised by data theft. As insecure applications pose a threat to the users' privacy as …

Detecting security vulnerabilities in web applications is an important task before taking them
on-line. We present JMODEX, a tool that analyzes the code of web applications to extract …

We propose a formal and automated approach that allows one to (i) reason about
vulnerabilities of web applications and (ii) combine multiple vulnerabilities for the …