TSAR: Testability-driven Security And pRivacy testing for Web Applications (conv. H2020-SU-DS-2018-2019-2020) Projects uri icon

type

  • European Research Project

reference

  • 101019206

date/time interval

  • September 1, 2021 - August 31, 2024

abstract

  • TESTABLE addresses the grand challenge of building and maintaining modern web-based and AI-powered application software secure and privacy-friendly. TESTABLE intends to lay the foundations for a new integration of security and privacy into the software development lifecycle (SDLC), by proposing a novel combination of two metrics to quantify the security and privacy risks of a program, i.e., the code testability and vulnerable behavior indicators. Based on the novel concept of "testability patterns," TESTABLE will empower the SDLC actors (e.g., software/AI developers, managers, testers, and auditors) to reduce the risk by building better security and privacy
    testing techniques for classical and AI-powered web applications, and removing or mitigating the impact of the patterns causing the high-risk levels.
    To achieve these goals, TESTABLE will develop new algorithms, techniques, and tools to analyze, test, and study web-based application software. First, TESTABLE will deliver algorithms and techniques to calculate the risk levels of the web application's code. Second, TESTABLE will provide new testing techniques to improve software
    testability. It will do so with novel static and dynamic program analysis techniques by tackling the shortcomings of existing approaches to detect complex and hard-to-detect web vulnerabilities, and combining ideas from the security testing and adversarial machine learning fields. TESTABLE will also pioneer the creation of a new generation of
    techniques tailored to test and study privacy problems in web applications. Finally, TESTABLE will deliver novel techniques to assist software/AI developers, managers, testers, and auditors to remove or mitigate the patterns associated with the high risk.
    TESTABLE relies on a long-standing team of nine European partners with strong expertise in security testing, privacy testing, machine learning security, and program analysis, and who strive for excellence with a proven strong track record and imp

keywords

  • security testing, software testability, web application security, static analysis, dynamic; software analysis, privacy