The 6th international Workshop on Security Testing
Co-located with the 8th IEEE International Conference on Software Testing, Verification and Validation (ICST 2015)
Graz, Austria, April 13, 2015

News: The Workshop program is now available.
To register for the workshop please use the ICST registration form.

To improve software security, several techniques, including vulnerability modelling and security testing, have been developed but the problem remains unsolved. On one hand, SECTEST workshop tries to answer how vulnerability modelling can help users understand the occurrence of vulnerabilities so to avoid them, and what the advantages and drawbacks of the existing models are to represent vulnerabilities.  At the same time, the workshop tries to understand how to solve the challenging security testing problem, how security testing is different from and related to classical functional testing, and how to assess the quality of security testing. This is in particular interesting since testing the mere functionality of a system alone is already a fundamentally critical task. The objective of SECTEST workshop is to share ideas, methods, techniques, and tools about vulnerability modelling and security testing to improve the state of the art.

In particular, the workshop aims at providing a forum for practitioners and researchers to exchange ideas, perspectives on problems, and solutions. Both papers proposing novel models, methods, and algorithms and reporting experiences applying existing methods on case studies and industrial examples are welcomed. The topics of interest include, but are not restricted to:

  • network security testing
  • application security testing
  • security requirements definition and modelling
  • security and vulnerability modelling
  • secure interoperability
  • runtime monitoring of security-relevant applications
  • security testing of legacy systems
  • cost effectiveness issues
  • comparisons between security-by-design and formal analyses
  • formal techniques for security testing and validation
  • security test generation and oracle derivation
  • specifying testable security constraints
  • test automation
  • penetration testing
  • regression testing for security
  • robustness and fault tolerance to attacks
  • test-driven diagnosis of security weaknesses
  • process and models for designing and testing secure system
  • when to perform security analysis and testing
  • "white box" security testing techniques
  • compile time fault detection and program verification
  • tools and case studies
  • industrial experience reports

This workshop is a follow-up and combination of the First International Workshop on Security Testing (SECTEST 2008) and the First International Workshop on Modelling and Detection of Vulnerabilities (MDV 2010), as well as the Second, Third, Fourth and Fifth International Workshop on Security Testing.