ToCaMS 2020
Wed 28 Oct 2020 Porto, Portugal
co-located with ICST 2020
Wed 28 Oct 2020 11:00 - 11:30 at Miragaia - Session II

Reported vulnerabilities have grown significantly over the recent years, with SQL injection (SQLi) being one of the most prominent, especially in web applications. For these, such increase can be explained by the integration of multiple software parts (e.g., various plugins and modules), often developed by different organizations, composing thus web application variants. Machine Learning has the potential to be a great ally on finding vulnerabilities, aiding experts by reducing the search space or even by classifying programs on their own. However, previous work usually does not consider SQLi or utilizes techniques hard to scale. Moreover, there is a clear gap in vulnerability detection with machine learning for PHP, the most popular server-side language for web applications. This paper presents a Deep Learning model able to classify PHP slices as vulnerable (or not) to SQLi. As slices can belong to any variant, we propose the use of an intermediate language to represent the slices and interpret them as text, resorting to well-studied Natural Language Processing (NLP) techniques. Preliminary results of the use of the model show that it can discover SQLi, helping programmers and precluding attacks that would eventually cost a lot to repair.

Wed 28 Oct
Times are displayed in time zone: Lisbon change

11:00 - 12:30
Session IIToCaMS 2020 at Miragaia
11:00
30m
Full-paper
Towards a Deep Learning Model for Vulnerability Detection on Web Application Variants
ToCaMS 2020
Ana FidalgoLASIGE, Faculdade de Ciências da Universidade de Lisboa, Ibéria MedeirosLaSIGE, Faculdade de Ciências da Universidade de Lisboa, Paulo AntunesLASIGE, Faculdade de Ciências da Universidade de Lisboa, Nuno NevesDI FC UL
Link to publication DOI
11:30
30m
Full-paper
Test Design with the Classification Tree Method in Presence of Variants
ToCaMS 2020
Vladimir SchmidtExpleo Germany GmbH, Berlin, Peter M. KruseExpleo Group
Link to publication DOI
12:00
30m
Full-paper
Regression Test Suite Reduction for Cloud Systems
ToCaMS 2020
Oussama JebbarGina Cody School of Engineering and Computer Science, Concordia University, Montreal, Mohamed Aymen SaiedConcordia University, Ferhat Khendek Concordia University, Maria ToeroeEricsson Inc, Montreal
Link to publication DOI