The DevOps model promises to allow software companies to significantly faster (i.e., more frequently) shipping updates to their customers. A key requirement for this is a high degree of test automation: This does not only apply to testing functional testing, it is at least as important for all security testing activities – which are still often done manually or semi-automated.
Specification-based sequence testing is usually associated with various kinds of automaton models. While it is intuitive to model sequential systems (or communicating systems) as automatons, there is an interesting alternative: monads. Monads have been proven to be very successful in functional programming (e.g., Haskell) for representing step-wise computations. Thus, why not use them for sequence testing?
Do you want to join a world-class computer science department and lead the establishment of a information and computer security research group? Then now is the right time to apply.
These days, it feels like news reports about data security breaches are commonplace. It looks like as if the attackers won and securing IT systems is a Sisyphean task.
Combining web and native technologies creates new security challenges as, e. g., an XSS attacker becomes more powerful. For example, a XSS vulnerability might allow an attacker to access the calendar of a device or delete the address book.
We are proud to announce the release of HOL-TestGen 1.8. HOL-TestGen is a formal specification-based test environment HOL-TestGen that allows to have a seamless transition from verification to test case generation using symbolic computation in Isabelle/HOL.
I am looking forward to my first OWASP meeting in Sheffield (it’s actually the second meeting of the Sheffield OWASP Chapter). I will give a talk on my experiences in introducing and implementing a security testing strategy within a large (more than 25000 developers) and international software development team. There will be even more interesting talks (as well as free beer in pizza).