BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//events.documentfoundation.org//CY3XWH
BEGIN:VTIMEZONE
TZID:Europe/Luxembourg
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T020000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-libreoffice-conference-2024-CY3XWH@events.documentfoundation.or
 g
DTSTART;TZID=Europe/Luxembourg:20241010T173000
DTEND;TZID=Europe/Luxembourg:20241010T180000
DESCRIPTION:We present Metamorphic Security Testing (MST)\, a testing autom
 ation approach that integrates test input generation strategies inspired b
 y mutational fuzzing and automatically detects vulnerabilities by verifyin
 g general relations that should always hold between the outputs produced w
 ith valid and mutated inputs. It enables engineers to specify metamorphic 
 relations (MRs) that capture how to modify a valid input as an attacker wo
 uld do and specify the relation between the outputs of the valid and modif
 ied input. We developed a framework that integrates an Eclipse plugin to s
 pecify MRs and automatically tests the system. Further\, we defined a cata
 logue of 76 system-agnostic MRs for Web systems that can discover 45% of t
 he vulnerability types concerning the violations of MITRE security design 
 principles. Our empirical results show that MST can detect 85% of the vuln
 erabilities in Joomla and Jenkins with few false alarms. Ongoing research 
 includes the automated generation of MRs from specification documents by l
 everaging large language models.
DTSTAMP:20260310T130559Z
LOCATION:Room C1.03.05
SUMMARY:Automated Metamorphic Security Testing - Fabrizio Pastore
URL:https://events.documentfoundation.org/libreoffice-conference-2024/talk/
 CY3XWH/
END:VEVENT
END:VCALENDAR