Preliminary Experiences in Requirements-Based Security Testing

  • Conference paper
Quality of Information and Communications Technology (QUATIC 2020)

Abstract

Software requirements engineers and testers generally write technical documents in natural language, but this practice can lead to inconsistencies between the documentation and the resulting system implementation. Previous research has shown that writing requirements and tests in a structured way, with controlled natural languages like RSL, can help mitigate these problems. This study goes further, discussing new experiments carried out to validate that RSL (with its complementary tools, called “ITLingo Studio”) can be applied to different systems and technologies, namely the possibility of applying the approach to integrate test automation capabilities in security testing. The preliminary conclusion indicates that, by combining tools such as ITLingo Studio and the Robot Framework, it is possible to integrate requirements and test specifications with test automation, which would benefit the productivity of the testing process.

Author information

Corresponding author

Correspondence to Ana C. R. Paiva.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Miranda, J., Paiva, A.C.R., da Silva, A.R. (2020). Preliminary Experiences in Requirements-Based Security Testing. In: Shepperd, M., Brito e Abreu, F., Rodrigues da Silva, A., Pérez-Castillo, R. (eds) Quality of Information and Communications Technology. QUATIC 2020. Communications in Computer and Information Science, vol 1266. Springer, Cham. https://doi.org/10.1007/978-3-030-58793-2_33

  • DOI: https://doi.org/10.1007/978-3-030-58793-2_33

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-58792-5

  • Online ISBN: 978-3-030-58793-2

  • eBook Packages: Computer Science, Computer Science (R0)
