OWASP AppSec Research EU 2013
Friday, August 23 • 3:50pm - 4:20pm
The SPaCIoS Tool: property-driven and vulnerability-driven security testing for Web-based application scenarios

In this talk, we present how the SPaCIoS Tool supports security analysts and developers in the security assessment of a system under testing. In particular, we describe the main workflows and components that have been implemented as part of the SPaCIoS Tool and that rely on a combination of model-checking, model-based security testing, mutation testing, and penetration testing techniques to detect vulnerabilities and to evaluate the security implications of specific design and deployment decisions. We also report on a number of experiments we have been carrying out. In particular, we have been applying the tool as a proof of concept on a set of security testing problem cases drawn from industrial and open-source web-based application scenarios. We have also been executing collaboration projects with business units at industry as a stepping stone towards the industry migration of the SPaCIoS Tool.

Luca Compagna

Researcher, SAP
Dr. Luca Compagna is part of the Security Research team at SAP, where he is contributing to the research strategy and to the software security analysis area in particular. He received his Ph.D. in Computer Science jointly from the U. of Genova and U. of Edinburgh. His area of interes...
Luca Viganò

Prof. Dr. Luca Viganò received his Ph.D. in Computer Science from the University of Saarbruecken, Germany, in 1997, and his Habilitation in Computer Science from the University of Freiburg, Germany, in 2003. He held a senior research scientist position at ETH Zurich, Switzerland...

