FETT: Fault Injection as an Educational and Training Tool in Cybersecurity
This program is tentative and subject to change.
In this paper, we present FETT, a fault injection tool for educational and training purposes addressed to educators and students in cybersecurity. Our tool aims to analyze and inject vulnerabilities into existing Django web applications for education purposes. Indeed, security education often relies on either abstract theoretical instruction or overly simplistic examples. This tool bridges the gap between theory and practice by modifying real web applications in a targeted, reproducible way. With its user-friendly interface and modular vulnerability injection, instructors can create challenges tailored to specific learning goals, while students engage directly with code that simulates production-level vulnerabilities. We evaluated FETT based on five publicly available GitHub projects and six student projects from the last three academic years (2022-2024). We successfully managed to efficiently inject vulnerabilities inspired by the OWASP top 10:2021 while keeping the core functionalities of the target application operational.
This program is tentative and subject to change.
Mon 17 NovDisplayed time zone: Seoul change
15:00 - 18:00 | |||
15:00 3hDemonstration | Towards Context-aware Mobile Privacy Notice: Implementation of A Deployable Contextual Privacy Policies Generator Tool Demonstration Track Haochen Gong Australian National University, Zhen Tao Technical University of Munich, Shidong Pan Columbia University & New York University, Zhenchang Xing CSIRO's Data61, Xiaoyu Sun Australian National University, Australia | ||
15:00 3hDemonstration | Metamorphic Testing of Deep Reinforcement Learning Agents with MDPMORPH Tool Demonstration Track Jiapeng Li Beihang University, Zheng Zheng Beihang University, Yuning Xing University of Auckland, Daixu Ren Beihang University, Steven Cho The University of Auckland, New Zealand, Valerio Terragni University of Auckland | ||
15:00 3hDemonstration | FlowStrider: Low-friction Continuous Threat Modeling Tool Demonstration Track Bernd Gruner German Aerospace Center (DLR), Institute of Data Science, Noah Erthel German Aerospace Center (DLR), Clemens-Alexander Brust German Aerospace Center (DLR) | ||
15:00 3hDemonstration | ReFuzzer: Feedback-Driven Approach to Enhance Validity of LLM-Generated Test Programs Tool Demonstration Track Iti Shree King's College London, Karine Even-Mendoza King’s College London, Tomasz Radzik King's College London | ||
15:00 3hDemonstration | DESIGNATOR: a Toolset for Automated GAN-enhanced Search-based Testing and Retraining of DNNs in Martian Environments Tool Demonstration Track Pre-print | ||
15:00 3hDemonstration | Chrysalis: A Lightweight Framework for Metamorphic Testing in Python Tool Demonstration Track Jai Parera University of California, Los Angeles, Nathan Huey University of California, Los Angeles, Ben Limpanukorn University of California, Los Angeles, Miryung Kim UCLA and Amazon Web Services | ||
15:00 3hDemonstration | AndroFL: Evolutionary-Driven Fault Localization for Android Apps Tool Demonstration Track Vishal Singh Indian Institute of Technology Kanpur, Ravi Shankar Das Indian Institute of Technology Kanpur, Prajwal H G InMobi, Subhajit Roy IIT Kanpur DOI | ||
15:00 3hDemonstration | XRintTest: An Automated Framework for User Interaction Testing in Extended Reality Applications Tool Demonstration Track Ruizhen Gu University of Sheffield, José Miguel Rojas University of Sheffield, Donghwan Shin University of Sheffield Pre-print | ||
15:00 3hDemonstration | Training-Control-as-Code: Towards a declarative solution to control training Tool Demonstration Track Padmanabha V. Seshadri IBM India Research Lab, Harikrishnan Balagopal IBM India Research Lab, Mehant Kammakomati IBM India Research Lab, Ashok Pon Kumar IBM Research - India, Dushyant Behl IBM Research Media Attached | ||
15:00 3hDemonstration | VUSC: An Extensible Research Platform for Java-Based Static Analysis Tool Demonstration Track | ||
15:00 3hDemonstration | BASHIRI: Learning Failure Oracles from Execution Features Tool Demonstration Track Marius Smytzek CISPA Helmholtz Center for Information Security, Martin Eberlein Humboldt-Universtität zu Berlin, Tural Mammadov CISPA Helmholtz Center for Information Security, Lars Grunske Humboldt-Universität zu Berlin, Andreas Zeller CISPA Helmholtz Center for Information Security | ||
15:00 3hDemonstration | FETT: Fault Injection as an Educational and Training Tool in Cybersecurity Tool Demonstration Track Anaé De Baets University of Namur, Guillaume Nguyen University of Namur, Xavier Devroey University of Namur, Fabian Gilson University of Canterbury Pre-print | ||