1/63 --- Exploring the Boundaries of our Software, SAST 2021, Felix Dobslaw (felix.dobslaw@miun.se)
Exploring the Boundaries of our Software
Assist. Prof. Felix Dobslaw
25/5/2021 10:50-11:40 CEST
https://www.flickr.com/photos/a_siegel/2356136219
Based on collaboration with
Robert Feldt,
Francisco Gomes de Oliveira Neto
Outline
● Why boundaries, why exploration?
● Boundary Value… Testing/Analysis/Exploration
  – Terminology
  – Process
● Outlook
Research Questions
● How can we automatically find areas of relevance for testing in our software?
  – "Boundaries"
● How can we practically support testers in their working routine?
  – Better fault finding and efficiency
What do we mean by test automation?
Not classical CI/CD: running human-created test cases automatically.
But: running machine-created test cases automatically.
https://time.com/3785942/blue-marble/
Defining Boundaries is hard
Test Automation / Augmentation / Diversity
[Figure: a specification (inputs, outputs, requirements, constraints) ranges from "entirely implicit" to "greatly detailed"; tests validate the program against the specification. Labels: Waterfall Model; Goal vs. System.]
Correct software depends on correct boundaries. Boundary Value Exploration reveals discrepancies between desired and actual behavior.
Boundary Value Testing
BVT: "Execution of specific input pairs in order to ensure that an actual boundary is also expected."

Boundary Value Analysis
BVA: "Analysis of artifacts of the software development process to clarify the expected and actual boundaries of a software."

Boundary Value Exploration (produces boundary candidates)
BVE: "A collection of techniques that select or help select inputs to detect and identify boundary candidates."
byte-count
bytecount(int) → human readable string
BVE Process Example
[Figure: program, tests and specification (inputs, outputs, requirements, constraints), with arrows labelled "boundary mining" and "boundary implementation"; testing → quality assurance.]
Boundary mining on bc:
bc(999999) → "1000.0 kB"
bc(1000000) → "1.0 MB"
"clear case":
bc(999949) → "999.9 kB"
bc(999950) → "1.0 MB"
not so clear case...
bc(99999…...16) → BoundsError("kMGTPE", 9)
bc(99999…...17) → BoundsError("kMGTPE", 10)
Specification Pull Request: Standardized Specification Syntax
Specification Pull Request Update:
bc(1_000_000...000) → last valid
bc(1_000_000...001) → ArgumentError("out of bounds")
How to automatically mine boundaries?
● Without an oracle, or with only partial information, having only the SUT at hand.
Absolute vs. Relative Assessment
[Figure: absolute assessment runs the SUT on a single input x, observes y and asserts y == y_exp; relative assessment runs the SUT on two inputs x1 and x2 and compares the outputs y1 and y2 with a distance metric ("?").]
Distance metric examples: Jaccard, Hamming, Euclidean…
Very basic one: StringLength
Example:
30 and 31 are neighbors in the input space for the day field (April has 30 days):
Date(2021, 30, 4) → "30/4/2021", StringLength is 9
Date(2021, 31, 4) → "ERROR, day field out of bounds.", StringLength is 31
Big difference, this seems to be a boundary candidate!
But is it an interesting one?...
R. Feldt and F. Dobslaw. "Towards automated boundary value testing with program derivatives and search." International Symposium on Search Based Software Engineering. Springer, Cham, 2019.
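The boundary mining of the BVE process example and the relative assessment with a StringLength distance, as one added worked example in Python. This is not code from the talk or from the byte-count library it analysed: `bytecount` is a constructed stand-in for the `bytecount(int) → human readable string` signature on the slides, written so it shows the same kinds of discrepancies (a rounding boundary, the kB/MB switch, and an overrun of the "kMGTPE" unit table). `bytecount_fixed`, its limit `LAST_VALID = 10**21`, the error text "out of bounds" and the `threshold` parameter are assumptions about where the specification pull request leads, not the slides' content. `bisect_boundary` goes beyond the slides: instead of only scoring given neighbour pairs, it localizes a boundary between two inputs whose outputs differ by more than a threshold.

```python
"""Relative boundary assessment with a StringLength distance (added example).

`bytecount` is a constructed stand-in for the bytecount(int) -> str function
on the slides, not the library the talk analysed. `bytecount_fixed`,
LAST_VALID and the "out of bounds" text are assumptions about what the
specification pull request would lead to.
"""
from typing import Callable, List, Tuple

UNITS = "kMGTPE"        # unit prefixes for 10**3 .. 10**18 (string from the slide's BoundsError)
LAST_VALID = 10 ** 21   # assumed upper bound of the fixed version
SUT = Callable[[int], str]
Distance = Callable[[str, str], int]


def _tenths(n: int, exp: int) -> int:
    """n / 1000**exp rounded half-up to one decimal, in exact integer arithmetic."""
    div = 1000 ** exp
    return (10 * n + div // 2) // div


def _fmt(t: int, exp: int) -> str:
    return f"{t // 10}.{t % 10} {UNITS[exp - 1]}B"


def bytecount(n: int) -> str:
    """Constructed SUT with a classic bug: the unit is chosen on the unrounded
    value, so 999_950..999_999 print as "1000.0 kB" instead of "1.0 MB", and
    inputs of 10**21 and above overrun the unit table (IndexError)."""
    if n < 0:
        raise ValueError("negative byte count")
    if n < 1000:
        return f"{n} B"
    exp, scaled = 0, n
    while scaled >= 1000:
        scaled //= 1000
        exp += 1
    return _fmt(_tenths(n, exp), exp)


def bytecount_fixed(n: int) -> str:
    """Assumed post-pull-request version: explicit upper bound, and the unit
    is bumped when rounding reaches 1000.0."""
    if n < 0 or n > LAST_VALID:
        raise ValueError("out of bounds")
    if n < 1000:
        return f"{n} B"
    exp, scaled = 0, n
    while scaled >= 1000 and exp < len(UNITS):
        scaled //= 1000
        exp += 1
    t = _tenths(n, exp)
    if t >= 10_000 and exp < len(UNITS):
        exp += 1
        t = _tenths(n, exp)
    return _fmt(t, exp)


def observe(sut: SUT, x: int) -> str:
    """Run the SUT and fold an exception into the observed output, so an error
    is just another output that a distance metric can compare."""
    try:
        return sut(x)
    except Exception as exc:  # every failure mode is an observation here
        return f"{type(exc).__name__}({exc})"


def string_length(a: str, b: str) -> int:
    """The very basic distance from the slides: |len(a) - len(b)|."""
    return abs(len(a) - len(b))


def program_derivative(sut: SUT, x1: int, x2: int, dist: Distance = string_length) -> float:
    """Relative assessment: output distance per unit of input distance."""
    return dist(observe(sut, x1), observe(sut, x2)) / abs(x2 - x1)


def rank_candidates(sut: SUT, inputs: List[int], dist: Distance = string_length) -> List[Tuple[int, int, float]]:
    """Score consecutive pairs of the given inputs and rank them, highest derivative first."""
    xs = sorted(set(inputs))
    scored = [(a, b, program_derivative(sut, a, b, dist)) for a, b in zip(xs, xs[1:])]
    return sorted(scored, key=lambda p: p[2], reverse=True)


def bisect_boundary(sut: SUT, lo: int, hi: int, dist: Distance = string_length,
                    threshold: int = 1) -> Tuple[int, int]:
    """Localize a boundary between lo and hi: keep lo on the side whose output
    stays within `threshold` of the output at the original lo, and shrink the
    interval until lo and hi are neighbours. Assumes a single boundary in range."""
    base = observe(sut, lo)
    if dist(base, observe(sut, hi)) < threshold:
        raise ValueError("outputs at lo and hi do not differ by the threshold")
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if dist(base, observe(sut, mid)) < threshold:
            lo = mid
        else:
            hi = mid
    return lo, hi


if __name__ == "__main__":
    for sut in (bytecount, bytecount_fixed):
        for lo, hi, th in ((999_000, 1_000_000, 1), (999_000, 1_000_000, 2), (10 ** 18, 10 ** 24, 10)):
            a, b = bisect_boundary(sut, lo, hi, threshold=th)
            print(f"{sut.__name__}: {a} -> {observe(sut, a)!r} | {b} -> {observe(sut, b)!r}")
```

Running the block prints the neighbouring pairs found for both versions. With a threshold of 1 the StringLength distance already separates "999.9 kB" from "1000.0 kB", which is the rounding boundary rather than the intended kB/MB switch; with a threshold of 2 the buggy version yields the slide's first mined pair, 999999 → "1000.0 kB" next to 1000000 → "1.0 MB", and the fixed version yields the "clear case" 999949/999950. Whether a candidate is interesting still has to be decided against the specification, which is exactly the "is it an interesting one?" question above.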
Interactive Boundary Exploration
F. Dobslaw, F. G. de Oliveira Neto and R. Feldt, "Boundary Value Exploration for Software Analysis," 2020 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW), 2020, pp. 346-353, doi: 10.1109/ICSTW50294.2020.00062.
- Go to www.menti.com
- Enter the code 6546 248
- Answer 1 question.
Thanks! Questions, Comments?
Please partake in an eye-tracking study!
https://studenter.miun.se/~evth1400/EyeGazeStudy/?group=3

Using Diversity for Automated Boundary Value Testing
 
A Future where we don’t write tests
A Future where we don’t write testsA Future where we don’t write tests
A Future where we don’t write tests
 
Towards Automated Boundary Value Testing with Program Derivatives and Search
Towards Automated Boundary Value Testing with Program Derivatives and SearchTowards Automated Boundary Value Testing with Program Derivatives and Search
Towards Automated Boundary Value Testing with Program Derivatives and Search
 

Recently uploaded

Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Intelisync
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 

Recently uploaded (20)

Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number Systems
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 

Sast 2021

  • 1. 1/63 --- Exploring the Boundaries of our Software, SAST 2021, Felix Dobslaw (felix.dobslaw@miun.se) Exploring the Boundaries of our Software Assist. Prof. Felix Dobslaw 25/5/2021 10:50-11:40 CEST https://www.flickr.com/photos/a_siegel/2356136219
  • 2. Exploring the Boundaries of our Software. Assist. Prof. Felix Dobslaw, 25/5/2021 10:50-11:40 CEST. https://www.flickr.com/photos/a_siegel/2356136219 Based on collaboration with Robert Feldt, Francisco Gomes de Oliveira Neto
  • 3. Outline ● Why Boundaries, why exploration? ● Boundary Value…. Testing/Analysis/Exploration – Terminology – Process ● Outlook
  • 4. Research Questions
  • 5. Research Questions ● How can we automatically find areas of relevance for testing in our software? – “Boundaries”
  • 6. Research Questions ● How can we automatically find areas of relevance for testing in our software? – “Boundaries” ● How can we practically support testers in their working routine? – Better fault finding and efficiency
  • 7. What do we mean by test automation?
  • 8. What do we mean by test automation? Not classical CI/CD: running human-created test cases automatically
  • 9. What do we mean by test automation? Not classical CI/CD: running human-created test cases automatically. But running machine-created test cases automatically
  • 14. https://time.com/3785942/blue-marble/ Defining Boundaries is hard. Test Automation, Augmentation, Diversity
  • 15. Diagram: inputs, outputs, requirements, constraints
  • 16. Specification: inputs, outputs, requirements, constraints. Entirely implicit … Greatly detailed
  • 17. Specification: inputs, outputs, requirements, constraints. Entirely implicit … Greatly detailed. Waterfall Model
  • 18. Diagram: program, Specification (inputs, outputs, requirements, constraints), tests. Entirely implicit … Greatly detailed. Waterfall Model
  • 19.–21. Diagram: program, Specification (inputs, outputs, requirements, constraints), tests validate Specification. Entirely implicit … Greatly detailed. Waterfall Model
  • 22.–25. Diagram: program, Specification (inputs, outputs, requirements, constraints), tests validate Specification. Entirely implicit … Greatly detailed. Waterfall Model. Goal vs. System
  • 26. Diagram: program, Specification (inputs, outputs, requirements, constraints), tests validate Specification. Entirely implicit … Greatly detailed. Waterfall Model. Goal vs. System. Correct software depends on correct boundaries. Boundary Value Exploration reveals discrepancies between desired and actual behavior.
  • 27. (no slide text)
  • 28. Boundary Value Testing
  • 29. Boundary Value Testing. BVT: “Execution of specific input pairs in order to ensure that an actual boundary is also expected.”
  • 30. Boundary Value Analysis. Boundary Value Testing. BVT: “Execution of specific input pairs in order to ensure that an actual boundary is also expected.”
  • 31. Boundary Value Analysis. BVA: “Analysis of artifacts of the software development process to clarify the expected and actual boundaries of a software.” Boundary Value Testing. BVT: “Execution of specific input pairs in order to ensure that an actual boundary is also expected.”
  • 32.–33. Boundary Value Analysis. Boundary Value Testing. Boundary Value Exploration. Candidates
  • 34.–35. Boundary Value Analysis. Boundary Value Testing. Boundary Value Exploration. Candidates. BVE: “A collection of techniques that select or help select inputs to detect and identify boundary candidates.”
  • 36. byte-count
  • 37.–39. byte-count: bytecount(int) → human readable string
  • 40. BVE Process Example. Diagram: program, Specification (tests, inputs, outputs, requirements, constraints)
  • 41. Diagram: program, Specification (tests, inputs, outputs, requirements, constraints)
  • 42. Diagram: program, Specification (tests, inputs, outputs, requirements, constraints), boundary mining
  • 43. Same diagram as slide 42. bc(999999) → “1000.0 kB”; bc(1000000) → “1.0 MB”
  • 44. Same diagram as slide 42. bc(999949) → “999.9 kB”; bc(999950) → “1.0 MB”. “clear case”. bc(999999) → “1000.0 kB”; bc(1000000) → “1.0 MB”
  • 45. Same diagram as slide 42. bc(99999…...16) → BoundsError(“kMGTPE”, 9); bc(99999…...17) → BoundsError(“kMGTPE”, 10). bc(999949) → “999.9 kB”; bc(999950) → “1.0 MB”. “clear case”. not so clear case... bc(999999) → “1000.0 kB”; bc(1000000) → “1.0 MB”
  • 46. As slide 45, plus: Specification Pull Request:
  • 47. As slide 45, plus: Specification Pull Request: Standardized Specification Syntax:
  • 48. As slide 47, plus: Specification Pull Request Update: Bc(1_000_000...000) → last valid; Bc(1_000_000...001) → ArgumentError(“out of bounce”). testing → quality assurance
  • 49.–50. As slide 48, plus the diagram step boundary implementation
  • 51. How to automatically mine boundaries? ● Without oracle, or only partial information, only having the SUT at hand.
  • 52. Absolute vs. Relative Assessment. R. Feldt and F. Dobslaw. "Towards automated boundary value testing with program derivatives and search." International Symposium on Search Based Software Engineering. Springer, Cham, 2019.
  • 53. Absolute vs. Relative Assessment. Diagram: SUT, x, y
  • 54.–55. Absolute vs. Relative Assessment. Diagram: SUT, x, y. Assert y == y_exp
  • 56. Absolute vs. Relative Assessment. Diagram: x → SUT → y (Assert y == y_exp); x1 → SUT → y1, x2 → SUT → y2
  • 57. Absolute vs. Relative Assessment. Diagram: x → SUT → y (Assert y == y_exp); x1 → SUT → y1, x2 → SUT → y2, ?
  • 58. As slide 57, plus: Distance Metric Examples: Jaccard, Hamming, Euclidean… Very basic one: StringLength
  • 59. As slide 58, plus: Example: 30 and 31 are neighbors in the input space for field month: Date(2021, 30, 4) → “30/4/2021”, StringLength is 9. Date(2021, 31, 4) → “ERROR, month field out of bounds.”, StringLength is 33. Big difference, this seems to be a boundary candidate! But is it an interesting one?...
  • 60. F. Dobslaw, F. G. de Oliveira Neto and R. Feldt, "Boundary Value Exploration for Software Analysis," 2020 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW), 2020, pp. 346-353, doi: 10.1109/ICSTW50294.2020.00062.
  • 61. Interactive Boundary Exploration (same reference as slide 60)
  • 62. - Go to www.menti.com - Enter the code 6546 248 - Answer 1 question. Thanks! Questions, Comments?
  • 63. Please partake in an eye-tracking study! https://studenter.miun.se/~evth1400/EyeGazeStudy/?group=3
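The boundary-mining step (slides 42 to 50) and the oracle-free relative assessment with a StringLength metric (slides 52 to 59), worked through as an added Python example; this is neither the talk's tooling nor the byte-count library. The `bytecount` function is a constructed stand-in whose visible outputs are modelled on the slide values, with a deliberately short unit table so that it fails once the table is exhausted.

```python
"""Boundary-candidate mining by relative assessment, as sketched on the
slides (boundary mining, program derivative, StringLength metric).
Added illustration: neither the talk's tooling nor the byte-count library."""
from typing import Callable, Dict, List, Tuple

UNITS = "kMGTPE"          # constructed: the unit table deliberately stops at E


def bytecount(n: int) -> str:
    """Constructed SUT: a naive human-readable byte formatter whose visible
    behaviour matches the slide examples (999999 -> '1000.0 kB',
    1000000 -> '1.0 MB') and which fails once its unit table is exhausted."""
    if n < 0:
        raise ValueError("negative byte count")
    if n < 1000:
        return f"{n} B"
    exp = (len(str(n)) - 1) // 3      # 1 -> kB, 2 -> MB, ..., 6 -> EB
    unit = UNITS[exp - 1]             # IndexError for 7 and beyond
    return f"{n / 1000 ** exp:.1f} {unit}B"


def observe(sut: Callable[[int], str], x: int) -> str:
    """No oracle is needed for a relative assessment: an exception is just
    another output, rendered as text so the distance metric can compare it."""
    try:
        return sut(x)
    except Exception as exc:          # any failure is an observation, not a test fault
        return f"{type(exc).__name__}: {exc}"


def string_length_distance(a: str, b: str) -> int:
    """The 'very basic' metric from the slides: difference in output length."""
    return abs(len(a) - len(b))


Metric = Callable[[str, str], float]


def program_derivative(sut, x1: int, x2: int, dist: Metric) -> float:
    """Output distance per unit of input distance between two inputs."""
    return dist(observe(sut, x1), observe(sut, x2)) / abs(x2 - x1)


def mine_boundaries(sut, lo: int, hi: int, dist: Metric,
                    budget: int = 50_000) -> List[Dict]:
    """Coarse-to-fine search for neighbouring integer inputs whose outputs
    differ under `dist`. An interval is split only if its endpoint outputs
    are at a non-zero distance; because `dist` is a metric, such an interval
    always contains an adjacent differing pair, so every kept interval ends
    in a candidate. Caveat: an interval whose endpoints look alike under the
    metric is dropped even if it hides a change inside (metric blindness).
    Returns candidates ranked by program derivative, largest first."""
    cache: Dict[int, str] = {}

    def out(x: int) -> str:
        if x not in cache:
            cache[x] = observe(sut, x)
        return cache[x]

    found: Dict[Tuple[int, int], Dict] = {}
    stack = [(lo, hi)]
    while stack and len(cache) < budget:     # budget bounds SUT executions
        a, b = stack.pop()
        if dist(out(a), out(b)) == 0:
            continue
        if b - a == 1:
            found[(a, b)] = {
                "inputs": (a, b),
                "outputs": (out(a), out(b)),
                "derivative": program_derivative(sut, a, b, dist),
            }
            continue
        mid = (a + b) // 2
        stack.append((a, mid))
        stack.append((mid, b))
    return sorted(found.values(), key=lambda c: -c["derivative"])


if __name__ == "__main__":
    for cand in mine_boundaries(bytecount, 1, 10**24, string_length_distance)[:5]:
        x1, x2 = cand["inputs"]
        y1, y2 = cand["outputs"]
        print(f"bc({x1}) -> {y1!r}   bc({x2}) -> {y2!r}   derivative {cand['derivative']}")
```

Run as a script it prints the five highest-ranked candidates: the top one is the pair where the unit table runs out (a short string next to an IndexError text), and the 999999/1000000 pair from the slides follows with derivative 3.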