testable_eu

📢ANNOUNCEMENT📢 The #OWASP Testability Patterns for Webapps is finally out! Shoutouts to @Testable_EU partners @CISPA @EURECOM @uc3m, @tuBraunschweig @ShiftLeftInc @SAPLabsinFrance @mindedsecurity NortonLifeLock @pluribus_one buff.ly/3E3jsFM buff.ly/3HYavie

✨Happening Now ✨@compaluca' presenting the #OWASP Testability Patterns for Webapps project at the @owasp @AppSecEU. Join us to learn more about testability patterns, and how you can use our framework to pick the right SAST tools! buff.ly/3E3jsFM #testable_eu #appsec

@CISPA @EURECOM @uc3m @tuBraunschweig @ShiftLeftInc @SAPLabsinFrance @mindedsecurity @pluribus_one 5/5: Ready to be amazed? @compaluca will present our project at the @owasp @AppSecEU in Dublin. Come and join us on Feb 16, 10:30 AM. This is a great opportunity to meet some of the team, and learn about the project firsthand! #testable_eu #tpframework #owasp #appsec #dublin

📢ANNOUNCEMENT📢 The #OWASP Testability Patterns for Webapps is finally out! Shoutouts to @Testable_EU partners @CISPA @EURECOM @uc3m, @tuBraunschweig @ShiftLeftInc @SAPLabsinFrance @mindedsecurity NortonLifeLock @pluribus_one buff.ly/3E3jsFM buff.ly/3HYavie

@CISPA @EURECOM @uc3m @tuBraunschweig @ShiftLeftInc @SAPLabsinFrance @mindedsecurity @pluribus_one 4/5: Do you want to contribute? Found a code snippet affecting a SAST tool? Join and contribute to our catalogue. Want to test your SAST tools against our catalogue? Extend our framework to support your tool. 👉 github.com/testable-eu/sa…

@CISPA @EURECOM @uc3m @tuBraunschweig @ShiftLeftInc @SAPLabsinFrance @mindedsecurity @pluribus_one 3/5: We also built a framework to check if your code base has these patterns AND you can add your SAST tools to check if they are affected by them 🔥 👉 github.com/testable-eu/sa…

@CISPA @EURECOM @uc3m @tuBraunschweig @ShiftLeftInc @SAPLabsinFrance @mindedsecurity @pluribus_one 2/5: We are building the first open-source catalogue of testability patterns for many programming languages, i.e., problematic code snippets that hamper the capability of static analyzers to find vulnerabilities. 👉​​github.com/testable-eu/sa…

The higher the testability for an application, the easier will be to test that application and to detect its vulnerabilities during the testing phase

The testability metric aims to estimate of how easy/hard is to detect vulnerabilities over a target application with respect to a certain class of testing techniques (e.g., SAST, DAST, …)

Super cool idea to check if malicious JS is running/injected on a web page, in particular when it’s opened from an app. Cc @Testable_EU. @KrauseFx, I would wrap the whole JS code in a IIFE to prevent malicious code to overwrite controls. 😉

Core to TESTABLE is a new testability metric to compute a more precise risk score, complementing existing vulnerability indicators (e.g., LoC, presence of security-sensitive function calls) #testable_eu

Happy to share that our paper (cc @tgianko) on #domclobbering has been accepted at #IEEESP'23 🎊. Excited to learn more? Check out: 👉 domclob.xyz ✨ bit.ly/3CwxoIB ✨ bit.ly/3Tj9WVi @Testable_EU, @CISPA #domclobbering #xss #testable_eu

Journey started in September 2021 with amazing partners: @CISPA @EURECOM @tuBraunschweig @uc3m @SAP @ShiftLeftInc @mindedsecurity @NortonLifelock @pluribus_one

Interested to detect security and privacy issues? Do you use/develop any static or dynamic testing tools? Do you work on testing tools to make your ML-based components more robust against adversarial attacks? Keep an eye on TESTABLE! #testable_eu