It is our pleasure to announce the GaSES 2019 - 3rd International Genoa Software Engineering School on Automated Functional and Security Testing of Web and Mobile Applications in Genova, Italy on May 13-16, 2019 hosted by the University of Genova.

The previous editions of the Genoa Software Engineering School were:

  • GaSES 2018 with a focus on Requirements Engineering in agile, data-driven development contexts, and beyond
  • GaSES 2017 with a focus on Automated Software Testing

This year, our goal is to bring together academic and industrial researchers along with PhD students to provide participants an opportunity to get first-hand knowledge from experts of recent research technologies in the field of Software Testing of Web and Mobile Applications with a particular emphasis on Functional and Security aspects.


Testing is the key activity for ensuring software quality during development. Unfortunately, current testing practice is quite effort-intensive since it often relies heavily on manual activities. Test automation aims at reducing the cost of software testing by automating several of the involved activities. This school offers an overview of the most advanced techniques for automated testing of Web and Mobile apps. Given the high relevance of this kind of application, both functional and security aspects should be considered.

Automated Functional and Security Testing

The goal of functional testing is to exercise the application under test to detect failures, i.e., deviations from the intended behavior. Often, Web and Mobile test automation tools operate at the graphical user interface (GUI) level, by interacting with the elements that are displayed on the GUI, as seen by the end users. Security testing, in contrast, is very different from functional testing, since its goal is to reveal flaws in the security mechanisms of the application under test.

The school will provide a self-contained overview of the current state of the art in the context of functional and security testing of Web and Mobile apps. The school will include a variety of lessons concerning cutting-edge techniques related to: test automation at the unit, integration and system level; usage of automated testing tools (e.g., DOM-based and Visual tools) and methods to face the problems hindering test automation (e.g., the fragile/brittle test scripts problem); design patterns specific to Web and Mobile apps (e.g., the page object pattern); automatic test case generation (based on search-based algorithms and dynamic symbolic execution); and security vulnerabilities (e.g., XSS and SQL-i, detected by inter-procedural flow and taint analysis).


The course includes theory lectures in the morning (3h each) and hands-on, project-oriented labs in the afternoon (3h). The laboratory sessions scheduled for the afternoon are dedicated to practical tasks. For students interested in passing the final exam and getting the certification, the last afternoon will be an exam session, focused on the results produced in the laboratories.

University of Genova

DIBRIS Department, Via Dodecaneso, 35 16146 Genova, Italy

May 13 - 16, 2019

9:45 - 17:00


Application deadline: 15 April 2019

Free Lunch

Don't miss it

Lessons Schedule

Abstract: In this lecture, we introduce notions of test automation, providing real examples of approaches and tools (e.g., Selenium WebDriver and Katalon). In particular, we report some empirical findings about the current practice of End-to-End (E2E) testing of Web applications and present recent results from our research in the field.

We have empirically investigated the practice of E2E web testing by considering how web test scripts are developed, contrasting capture-replay vs. programmable approaches, and how test scripts localize the web elements they interact with (e.g., using image recognition algorithms), focusing on the robustness of locators.

Based on such empirical findings, our recent research addressed the challenge of producing robust and loosely coupled test scripts. In particular, we have developed ROBULA+, a tool for the automated creation of robust web locators, and APOGEN, a tool for the automated generation of page objects.

Abstract: This talk introduces EvoMaster: a tool that can automatically generate white-box, system level tests, using evolutionary search. At the moment, EvoMaster focuses on RESTful APIs, which are the most common type of web services in web and enterprise applications.

EvoMaster can automatically instrument JVM bytecode to extract white-box information from the system under test. To scale with the (hundreds of) thousands of test objectives that need to be covered, EvoMaster introduces the Many Independent Objective (MIO) evolutionary algorithm. Empirical studies have shown that it was possible to automatically find tens of real bugs in existing RESTful APIs.

This talk shows how search-based tools like EvoMaster operate, and what the current research challenges that need to be addressed are.

EvoMaster is released as open-source on GitHub. More info at:

Abstract: Mobile applications and specifically their UI exhibit a set of features that make their design, implementation and testing particularly challenging: the variety of devices with their different characteristics and the quick pace of evolution. As with other types of E2E testing, the fragility of test cases represents an important hurdle to a wider adoption. This lecture will analyze the mobile-specific features of E2E testing; it will provide an overview of the testing technology approaches and the main tools available. A focus on the main causes of test fragility will provide an overview of the main pitfalls and provide a set of guidelines to avoid them. Finally, we will focus on the prospective techniques to combine different approaches to achieve higher test resilience and reusability. The lecture will provide evidence gathered from large empirical studies of OSS as well as experiments conducted on specific use cases.

Keywords: automated test generation, search based software engineering, genetic algorithms, web testing

Abstract: Search based algorithms can be used to find approximate solutions to arbitrary optimization problems, modelled as one or more fitness functions to be minimized or maximized. In this lecture I will first give an overview of the most widely used search based algorithms, including hill climbing, simulated annealing, tabu search and genetic algorithms. Then, I will show how these algorithms can be used to address the problem of automatically generating the test data necessary to ensure a given test adequacy level is met (e.g., branch coverage). As a special case, I will present the usage of genetic algorithms for the generation of unit test cases under the assumption that the unit under test is a class, hence requiring its stateful instances to be created, manipulated and eventually exercised. I will describe an example of chromosome commonly adopted to represent an object oriented test case and I will also present the genetic operators that can be used to manipulate such chromosome. Then, I will focus on alternative problem formulations that try to address the problem of infeasible and difficult test targets. In particular, I will describe in depth a novel many objective sorting algorithm that addresses such problem by means of many-objective optimization based on a custom ranking function. I will conclude with an application of search based algorithms for the automated generation of end-to-end test cases for web applications.

Abstract: Security testing is a pivotal activity in engineering secure software. It consists of two phases: generating attack inputs to test the system, and assessing whether test executions expose any vulnerabilities. This lecture aims at providing the foundations behind security testing, with a particular attention to web applications. The lecture covers the attack models of prominent vulnerabilities. Foundational automated techniques will be presented for black-box and white-box security testing.

Who's Speaking?

MAURIZIO LEOTTA is Assistant Professor at the University of Genova, Italy. He received his PhD degree in Computer Science from the same University, in 2015, with the thesis "Automated Web Testing: Analysis and Maintenance Effort Reduction".
He is author of more than 60 research papers published in international journals and conferences/workshops. His current research interests are in software engineering, with a particular focus on the following themes: Web/Mobile/IoT application testing, functional test automation, and empirical software engineering.
His paper ROBULA+: An Algorithm for Generating Robust XPath Locators for Web Testing published by the Journal of Software: Evolution and Process has been invited for presentation at the Journal First track of the 32nd IEEE International Conference on Software Maintenance and Evolution (ICSME 2016).

School Director

FILIPPO RICCA is Associate Professor at the University of Genova, Italy. He received his PhD degree in Computer Science from the same University, in 2003, with the thesis "Analysis, Testing and Re-structuring of Web Applications". He was the recipient of the ICSE Most Influential Paper (MIP) award with the paper Analysis and Testing of Web Applications.
He is author or coauthor of more than 100 research papers published in international journals and conferences/workshops. He regularly reviews papers for journals such as TSE, IST, EMSE and JSME. From 1999 to 2006, he worked with the Software Engineering group at ITC-irst (now FBK-irst), Trento, Italy. During this time he was part of the team that worked on reverse engineering, re-engineering and software testing. His current research interests include empirical studies in software engineering, web applications and software testing.
The research is mainly conducted through empirical methods such as case studies, controlled experiments and surveys.

School Director

PAOLO TONELLA is Full Professor at the Faculty of Informatics and at the Software Institute of Università della Svizzera Italiana (USI) in Lugano, Switzerland. He is Honorary Professor at University College London, UK and he is Affiliated Fellow of Fondazione Bruno Kessler, Trento, Italy, where he has been Head of Software Engineering until mid 2018.
Paolo Tonella holds an ERC Advanced grant as Principal Investigator of the project PRECRIME. Paolo Tonella wrote over 150 peer reviewed conference papers and over 50 journal papers. He is/was in the editorial board of the ACM TOSEM, of the IEEE TSE, of EMSE, Springer, and of the JSEP, Wiley.
Paolo Tonella has given foundational contributions to Software Engineering, in the area of code analysis and testing. His ICSE Most Influential Paper (MIP) award winning paper, Analysis and Testing of Web Applications, initiated a new stream of research devoted to the development of testing techniques for web applications.

MARIANO CECCATO is tenured Researcher in the Security & Trust research unit in Fondazione Bruno Kessler, Trento, Italy. He received the PhD in Computer Science from the University of Trento in 2006 with the thesis "Migrating Object Oriented code to Aspect Oriented Programming". He is author or coauthor of more than 70 research papers published in international journals and conferences/workshops. He was recently visiting research scientist in the Software Verification and Validation Laboratory Centre for ICT Security, Reliability, and Trust (SnT), University of Luxembourg. His research interests include security testing, penetration testing, code hardening and empirical studies.

MARCO TORCHIANO is Associate Professor at the Control and Computer Engineering Dept. of Politecnico di Torino, Italy; he has been post-doctoral research fellow at Norwegian University of Science and Technology (NTNU), Norway. He received an MSc and a PhD in Computer Engineering from Politecnico di Torino. He is Senior Member of the IEEE and member of the software engineering committee of UNINFO (part of ISO/IEC JTC 1). He is author or co-author of over 140 research papers published in international journals and conferences, of the book 'Software Development-Case studies in Java' from Addison-Wesley, and co-editor of the book 'Developing Services for the Wireless Internet' from Springer. He recently was a visiting professor at Polytechnique Montreal studying software energy consumption. His current research interests are: green software, UI testing methods, open-data quality, and software modeling notations. The methodological approach he adopts is that of empirical software engineering. Follow him on twitter @mtorchiano

ANDREA ARCURI is a Professor of Software Engineering at Kristiania University College, Oslo, Norway. His main research interests are in software testing, especially test case generation using evolutionary algorithms. Having worked 5 years in industry as a senior engineer, a main focus of his research is to design novel research solutions that can actually be used in practice. Dr. Arcuri is the main author of EvoMaster and a co-author of EvoSuite, which are tools that can automatically generate test cases using evolutionary algorithms. He received his PhD in software testing from the University of Birmingham, UK, in 2009.

Invited Speaker

Ask Question?

How to reach the school?
Which documents can I bring to the meeting?
Your laptop is all you need!
How to register?
School registration fees:

  • Academics (PhD Students, Postdocs, etc.): EUR 100
  • Professionals: EUR 200
  • UniGE Academics: no fee

We hope that the proposed fees will be sustainable to most and, at the same time, solve the problem of last minute cancellations. Should this not be the case, we will gladly consider requests to reduce or waive the fee.



Once accepted, each candidate has to follow the instructions in the acceptance email and proceed with the payment.

Contact Us

If you have any questions, please don't hesitate to contact the School Directors:

Dr. Maurizio Leotta and Prof. Filippo Ricca