TSAR: Testability-driven Security And pRivacy testing for Web Applications (conv. H2020-SU-DS-2018-2019-2020)

researchers

CUEVAS RUMIN, ANGEL Principal Researcher
AZCORRA SALOÑA, ARTURO Researcher
PELAEZ MORENO, CARMEN Researcher
LOPEZ ONGIL, CELIA Researcher
LARRABEITI LOPEZ, DAVID Researcher
VALERA PINTOR, FRANCISCO Researcher
PLEITE GUERRA, JORGE Researcher
LILLO RODRIGUEZ, ROSA ELVIRA Researcher
VIDAL FERNANDEZ, IVAN Researcher
REVIRIEGO VASALLO, PEDRO Researcher
CUEVAS RUMIN, RUBEN Researcher
HERNANDEZ GUTIERREZ, JOSE ALBERTO Researcher
ALMODOVAR HERREROS, JONATHAN Researcher
UCAR MARQUES, IÑAKI Researcher
CALLEJO PINARDO, PATRICIA Researcher
GONZALEZ CABAÑAS, JOSE Researcher
MENDEZ CIVIETA, ALVARO Researcher
MERINO HERNANDEZ, ANGEL Researcher
BERMEJO AGUEDA, MIGUEL ANGEL Researcher

type

European Research Project

reference

101019206

date/time interval

September 1, 2021 - August 31, 2024

funding entity

EUROPEAN COMMISSION RESEARCH EXECUTIVE AGENCY

abstract

TESTABLE addresses the grand challenge of building and maintaining modern web-based and AI-powered application software secure and privacy-friendly. TESTABLE intends to lay the foundations for a new integration of security and privacy into the software development lifecycle (SDLC), by proposing a novel combination of two metrics to quantify the security and privacy risks of a program, i.e., the code testability and vulnerable behavior indicators. Based on the novel concept of "testability patterns," TESTABLE will empower the SDLC actors (e.g., software/AI developers, managers, testers, and auditors) to reduce the risk by building better security and privacy
testing techniques for classical and AI-powered web applications, and removing or mitigating the impact of the patterns causing the high-risk levels.
To achieve these goals, TESTABLE will develop new algorithms, techniques, and tools to analyze, test, and study web-based application software. First, TESTABLE will deliver algorithms and techniques to calculate the risk levels of the web application's code. Second, TESTABLE will provide new testing techniques to improve software
testability. It will do so with novel static and dynamic program analysis techniques by tackling the shortcomings of existing approaches to detect complex and hard-to-detect web vulnerabilities, and combining ideas from the security testing and adversarial machine learning fields. TESTABLE will also pioneer the creation of a new generation of
techniques tailored to test and study privacy problems in web applications. Finally, TESTABLE will deliver novel techniques to assist software/AI developers, managers, testers, and auditors to remove or mitigate the patterns associated with the high risk.
TESTABLE relies on a long-standing team of nine European partners with strong expertise in security testing, privacy testing, machine learning security, and program analysis, and who strive for excellence with a proven strong track record and imp

TSAR: Testability-driven Security And pRivacy testing for Web Applications (conv. H2020-SU-DS-2018-2019-2020) Projects

Overview

researchers

type

reference

date/time interval

funding entity

abstract

Classification

keywords