It is our pleasure to announce the GaSES 2019 - 3rd International Genoa Software Engineering School on Automated Functional and Security Testing of Web and Mobile Applications in Genova, Italy on May 13-16, 2019 hosted by the University of Genova.
The previous editions of the Genoa Software Engineering School were:
This year, our goal is to bring together academic and industrial researchers along with PhD students to provide participants an opportunity to get first-hand knowledge from experts of recent research technologies in the field of Software Testing of Web and Mobile Applications with a particular emphasis on Functional and Security aspects.
Testing is the key activity for ensuring software quality during development. Unfortunately, current testing practice is quite effort intensive since it often relies heavily on manual activities. Test automation aims at reducing the cost of software testing by automating several of the involved activities. This school offers an overview of the most advanced techniques for automated testing of Web and Mobile apps. Given the high relevance of this kind of applications, both functional and security aspects should be considered.
The goal of functional testing is exercising the application under test to detect failures, i.e., deviations from the intended behavior. Often, Web and Mobile test automation tools operate at the graphical user interface (GUI) level, by interacting with the elements that are displayed on the GUI, as seen by the end users. On the contrary, security testing is very different from functional testing since its goal is revealing flaws in the security mechanisms of the application under test.
The school will provide a self-contained overview of the current state of the art in the context of functional and security testing of Web and Mobile apps. The school will include a variety of lessons concerning cutting-edge techniques related to: test automation at the unit, integration and system level; usage of automated testing tools (e.g., DOM-based and Visual tools) and methods to face the problems hindering test automation (e.g., fragile/brittle test scripts problem); design patterns specific for Web and Mobile apps (e.g., the page object pattern), automatic test case generation (based on search-based algorithms and dynamic symbolic execution) and security vulnerabilities (e.g., XSS and SQL-i, detected by inter-procedural flow and taint analysis).
The course includes theory lectures in the morning (3h each) and hands-on, project oriented labs in the afternoon (3h). The laboratory sessions scheduled for the afternoon are dedicated to practical tasks. For students interested in passing the final exam and getting the certification, the last afternoon will be an exam session, focused on the results produced in the laboratories.
University of GenovaDIBRIS Department, Via Dodecaneso, 35 16146 Genova, Italy
May 13 - 16, 20199:45 - 17:00
Register Now!Application deadline: 15 April 2019
Free LunchDon't miss it
Abstract: In this lecture, we introduce notions of Test automation providing real examples of approaches and tools (e.g, Selenium WebDriver and Katalon). In particular, we report some empirical findings about the current practice of End-to-End (E2E) testing of Web applications and present recent results from our research in the field.
We have empirically investigated the practice of E2E web testing by considering how web test scripts are developed, contrasting capture-replay vs. programmable approaches, and how test scripts localize the web elements they interact with (e.g., using image recognition algorithms), focusing on the robustness of locators.
Based on such empirical findings, our recent research addressed the challenge of producing robust and loosely coupled test scripts. In particular, we have developed ROBULA+, a tool for the automated creation of robust web locators, and APOGEN, a tool for the automated generation of page objects.
Abstract: This talk introduces EvoMaster: a tool that can automatically generate white-box, system level tests, using evolutionary search. At the moment, EvoMaster focuses on RESTful APIs, which are the most common type of web services in web and enterprise applications.
EvoMaster can automatically instrument JVM bytecode to extract white-box information from the system under test. To scale with the (hundreds of) thousands of test objectives that need to be covered, EvoMaster introduces the Many Independent Objective (MIO) evolutionary algorithm. Empirical studies have shown that it was possible to automatically find tens of real bugs in existing RESTful APIs.
This talk shows how search-based tools like EvoMaster operate, and what are the current research challenges that need to be addressed.
EvoMaster is released as open-source on Github. More info at: www.evomaster.org
Abstract: Mobile applications and specifically their UI exhibit a set of features that make their design, implementation and testing particularly challenging: the variety of devices with their different characteristics and the quick pace of evolution. As with other types of E2E testing, the fragility of test cases represents an important hurdle to a wider adoption. This lecture will analyze the mobile-specific features of E2E testing; it will provide an overview of the testing technology approaches and the main tools available. A focus on the main causes of test fragility will provide an overview of the main pitfalls and provide a set of guidelines to avoid them. Finally we will focus on the prospective techniques to combine different approach to achieve higher test resilience and reusability. The lecture will provide evidence gathered from large empirical studies of OSS as well as experiment conducted on specific use cases.
Keywords: automated test generation, search based software engineering, genetic algorithms, web testing
Abstract: Search based algorithms can be used to find approximate solutions to arbitrary optimization problems, modelled as one or more fitness functions to be minimized or maximized. In this lecture I will first give an overview of the most widely used search based algorithms, including hill climbing, simulated annealing, tabu search and genetic algorithms. Then, I will show how these algorithms can be used to address the problem of automatically generating the test data necessary to ensure a given test adequacy level is met (e.g., branch coverage). As a special case, I will present the usage of genetic algorithms for the generation of unit test cases under the assumption that the unit under test is a class, hence requiring its stateful instances to be created, manipulated and eventually exercised. I will describe an example of chromosome commonly adopted to represent an object oriented test case and I will also present the genetic operators that can be used to manipulate such chromosome. Then, I will focus on alternative problem formulations that try to address the problem of infeasible and difficult test targets. In particular, I will describe in depth a novel many objective sorting algorithm that addresses such problem by means of many-objective optimization based on a custom ranking function. I will conclude with an application of search based algorithms for the automated generation of end-to-end test cases for web applications.
Abstract: Security testing is a pivotal activity in engineering secure software. It consists of two phases: generating attack inputs to test the system, and assessing whether test executions expose any vulnerabilities. This lecture aims at providing the foundations behind security testing, with a particular attention to web applications. The lecture covers the attack models of prominent vulnerabilities. Foundational automated techniques will be presented for black-box and white-box security testing.
Genova, the capital of Liguria, stretches along the bay of the same name from Voltri to the west as far as Nervi to the east, while the hinterland area takes in the lower parts of the Polcevera and Bisagno Valleys.
The original nucleus of the city, which already existed in pre-Roman times, developed around the Mandraccio wharf area and on Castello Hill, which overlooks it.
In the ninth century, the Genoese built the first town walls and laid the foundations for the development of shipping and sea-trading, which would eventually make the Republic of Genoa a Mediterranean sea power and create a dominion stretching across the entire region of Liguria. From the nineteenth century onwards, the great city port was flanked by large industrial areas. The old town district is one of the largest in Europe, and hosts some remarkable artistic and architectural treasures, including the Palazzi dei Rolli, fifty or so homes of the aristocracy entered on the UNESCO World Heritage List.
In addition to offering a wealth of cultural attractions, Genova is a fascinating destination for tourists, with its scenic vantage points, sea promenades, aristocratic villas and of course the Riviera to the east and west, both easy to reach: Portovenere and Le Cinque Terre (also UNESCO World Heritage Sites), Portofino and Camogli to the east and Alassio, Sanremo, Bordighera to the west.
More informations can be found on the official portal of tourism