{"id":"https://openalex.org/W3048126111","doi":"https://doi.org/10.5281/zenodo.4752931","title":"Metamorphic Security Testing for Web Systems","display_name":"Metamorphic Security Testing for Web Systems","publication_year":2021,"publication_date":"2021-05-12","ids":{"openalex":"https://openalex.org/W3048126111","doi":"https://doi.org/10.5281/zenodo.4752931","mag":"3048126111"},"language":"en","primary_location":{"id":"pmh:oai:figshare.com:article/14587715","is_oa":true,"landing_page_url":null,"pdf_url":"https://figshare.com/articles/software/Metamorphic_Security_Testing_for_Web_Systems/14587715","source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Software"},"type":"article","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://figshare.com/articles/software/Metamorphic_Security_Testing_for_Web_Systems/14587715","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Mai, Xuan Phu","orcid":null},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Mai, Xuan Phu","raw_affiliation_strings":["University of Luxembourg","SnT Centre for Security, Reliability and Trust, University of Luxembourg, 
Luxembourg"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Luxembourg","institution_ids":["https://openalex.org/I186903577"]},{"raw_affiliation_string":"SnT Centre for Security, Reliability and Trust, University of Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042872250","display_name":"Fabrizio Pastore","orcid":"https://orcid.org/0000-0003-3541-3641"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Pastore, Fabrizio","raw_affiliation_strings":["University of Luxembourg","SnT Centre for Security, Reliability and Trust, University of Luxembourg, Luxembourg"],"raw_orcid":"https://orcid.org/0000-0003-3541-3641","affiliations":[{"raw_affiliation_string":"University of Luxembourg","institution_ids":["https://openalex.org/I186903577"]},{"raw_affiliation_string":"SnT Centre for Security, Reliability and Trust, University of Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087161990","display_name":"Arda G\u00f6knil","orcid":"https://orcid.org/0000-0002-2170-2066"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Goknil, Arda","raw_affiliation_strings":["University of Luxembourg","SnT Centre for Security, Reliability and Trust, University of Luxembourg, Luxembourg"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of 
Luxembourg","institution_ids":["https://openalex.org/I186903577"]},{"raw_affiliation_string":"SnT Centre for Security, Reliability and Trust, University of Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5078533117","display_name":"Lionel Briand","orcid":"https://orcid.org/0000-0002-1393-1010"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Briand, Lionel","raw_affiliation_strings":["University of Luxembourg","SnT Centre for Security, Reliability and Trust, University of Luxembourg, Luxembourg"],"raw_orcid":"https://orcid.org/0000-0002-1393-1010","affiliations":[{"raw_affiliation_string":"University of Luxembourg","institution_ids":["https://openalex.org/I186903577"]},{"raw_affiliation_string":"SnT Centre for Security, Reliability and Trust, University of Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":true,"cited_by_count":23,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical 
Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/oracle","display_name":"Oracle","score":0.8503334522247314},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8101540803909302},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.7735725045204163},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.5800489187240601},{"id":"https://openalex.org/keywords/software-testing","display_name":"Software testing","score":0.5142800211906433},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5072547793388367},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application 
security","score":0.4704992473125458},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.46687930822372437},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.40592172741889954},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3122643232345581},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.28317004442214966},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.2511337101459503},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.2400682270526886},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.22206208109855652},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.22050994634628296},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.18454411625862122},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1316264569759369}],"concepts":[{"id":"https://openalex.org/C55166926","wikidata":"https://www.wikidata.org/wiki/Q2892946","display_name":"Oracle","level":2,"score":0.8503334522247314},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8101540803909302},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.7735725045204163},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure 
coding","level":5,"score":0.5800489187240601},{"id":"https://openalex.org/C2984328558","wikidata":"https://www.wikidata.org/wiki/Q188522","display_name":"Software testing","level":3,"score":0.5142800211906433},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5072547793388367},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.4704992473125458},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.46687930822372437},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.40592172741889954},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3122643232345581},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.28317004442214966},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.2511337101459503},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.2400682270526886},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.22206208109855652},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event 
management","level":4,"score":0.22050994634628296},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.18454411625862122},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1316264569759369},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0}],"mesh":[],"locations_count":6,"locations":[{"id":"pmh:oai:figshare.com:article/14587715","is_oa":true,"landing_page_url":null,"pdf_url":"https://figshare.com/articles/software/Metamorphic_Security_Testing_for_Web_Systems/14587715","source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Software"},{"id":"pmh:oai:orbilu.uni.lu:10993/41229","is_oa":true,"landing_page_url":"https://orbilu.uni.lu/handle/10993/41229","pdf_url":null,"source":{"id":"https://openalex.org/S4306401815","display_name":"Open Repository and Bibliography (University of Luxembourg)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I186903577","host_organization_name":"University of 
Luxembourg","host_organization_lineage":["https://openalex.org/I186903577"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE International Conference on Software Testing, Verification and Validation (ICST) 2020 (2020-03); INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION, Porto, Portugal [PT], March 23-27, 2020","raw_type":"peer reviewed"},{"id":"doi:10.5281/zenodo.4752931","is_oa":true,"landing_page_url":"https://doi.org/10.5281/zenodo.4752931","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"},{"id":"doi:10.5281/zenodo.5533530","is_oa":true,"landing_page_url":"https://doi.org/10.5281/zenodo.5533530","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear 
Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"},{"id":"doi:10.5281/zenodo.5553150","is_oa":true,"landing_page_url":"https://doi.org/10.5281/zenodo.5553150","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"},{"id":"doi:10.5281/zenodo.5562254","is_oa":true,"landing_page_url":"https://doi.org/10.5281/zenodo.5562254","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear 
Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:figshare.com:article/14587715","is_oa":true,"landing_page_url":null,"pdf_url":"https://figshare.com/articles/software/Metamorphic_Security_Testing_for_Web_Systems/14587715","source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Software"},"sustainable_development_goals":[{"score":0.75,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G275404224","display_name":null,"funder_award_id":"694277","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European 
Commission","ror":"https://ror.org/00k4n6c32"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3048126111.pdf","grobid_xml":"https://content.openalex.org/works/W3048126111.grobid-xml"},"referenced_works_count":78,"referenced_works":["https://openalex.org/W83755378","https://openalex.org/W116656696","https://openalex.org/W142308502","https://openalex.org/W1507845365","https://openalex.org/W1519683776","https://openalex.org/W1524147119","https://openalex.org/W1556003781","https://openalex.org/W1562171576","https://openalex.org/W1563423869","https://openalex.org/W1567645817","https://openalex.org/W1647671624","https://openalex.org/W1683468393","https://openalex.org/W1909163279","https://openalex.org/W1973111496","https://openalex.org/W1975934503","https://openalex.org/W1979931683","https://openalex.org/W2003115932","https://openalex.org/W2003803959","https://openalex.org/W2007632507","https://openalex.org/W2011176357","https://openalex.org/W2011539648","https://openalex.org/W2032680490","https://openalex.org/W2041713059","https://openalex.org/W2045974024","https://openalex.org/W2047437983","https://openalex.org/W2047914009","https://openalex.org/W2051463711","https://openalex.org/W2057769218","https://openalex.org/W2065555413","https://openalex.org/W2088297136","https://openalex.org/W2096902973","https://openalex.org/W2097513285","https://openalex.org/W2104846611","https://openalex.org/W2106860490","https://openalex.org/W2106953271","https://openalex.org/W2108147409","https://openalex.org/W2112265708","https://openalex.org/W2114856590","https://openalex.org/W2118520057","https://openalex.org/W2125672377","https://openalex.org/W2125876733","https://openalex.org/W2130746431","https://openalex.org/W2131730994","https://openalex.org/W2132791332","https://openalex.org/W2136999635","https://openalex.org/W2139069137","https://openalex.org/W2140890531","https://openalex.org/W2142049935","https://openalex.org/W2150543695"
,"https://openalex.org/W2150566873","https://openalex.org/W2151315194","https://openalex.org/W2151363114","https://openalex.org/W2156835762","https://openalex.org/W2157974609","https://openalex.org/W2158572645","https://openalex.org/W2162036145","https://openalex.org/W2162308553","https://openalex.org/W2163362445","https://openalex.org/W2168208806","https://openalex.org/W2168565110","https://openalex.org/W2170188121","https://openalex.org/W2170737051","https://openalex.org/W2179418444","https://openalex.org/W2204102791","https://openalex.org/W2212046922","https://openalex.org/W2324595780","https://openalex.org/W2428841090","https://openalex.org/W2509308811","https://openalex.org/W2610589024","https://openalex.org/W2759047281","https://openalex.org/W2782311202","https://openalex.org/W2800621402","https://openalex.org/W2890521506","https://openalex.org/W2997653900","https://openalex.org/W3008797115","https://openalex.org/W3037744868","https://openalex.org/W3144361894","https://openalex.org/W4232603068"],"related_works":["https://openalex.org/W2155353733","https://openalex.org/W2170847850","https://openalex.org/W2094754363","https://openalex.org/W4385770215","https://openalex.org/W2062583373","https://openalex.org/W1566131087","https://openalex.org/W2129479435","https://openalex.org/W4240401768","https://openalex.org/W2018644264","https://openalex.org/W4206729637"],"abstract_inverted_index":{"Security":[0],"testing":[1,79,111,126,138],"verifies":[2],"that":[3,81,97],"the":[4,7,20,26,61,83,102,135,161,172],"data":[5],"and":[6,112,160],"resources":[8],"of":[9,34,101,119,134,150],"software":[10],"systems":[11],"are":[12,46,106],"protected":[13],"from":[14,19,37],"attackers.":[15],"Unfortunately,":[16],"it":[17,55],"suffers":[18],"oracle":[21,50,84],"problem,":[22],"which":[23,65],"refers":[24],"to":[25,60,69,92,109,123],"challenge,":[27],"given":[28],"an":[29],"input":[30],"for":[31,64,171],"a":[32,48,77,117],"system,":[33],"distinguishing":[35],"correct":[36],"incorrect"
:[38],"behavior.":[39],"In":[40,72],"many":[41,62],"situations":[42],"where":[43],"potential":[44],"vulnerabilities":[45,152],"tested,":[47],"test":[49],"may":[51],"not":[52,140],"exist,":[53],"or":[54],"might":[56],"be":[57,70],"impractical":[58],"due":[59],"inputs":[63],"specific":[66],"oracles":[67],"have":[68],"defined.":[71],"this":[73],"paper,":[74],"we":[75],"propose":[76],"metamorphic":[78,94],"approach":[80,131],"alleviates":[82],"problem":[85],"in":[86,127],"security":[87,99,125,137],"testing.":[88],"It":[89,145],"enables":[90],"engineers":[91],"specify":[93],"relations":[95],"(MRs)":[96],"capture":[98],"properties":[100],"system.":[103],"Such":[104],"MRs":[105,122],"then":[107],"used":[108,156],"automate":[110,124],"detect":[113],"vulnerabilities.":[114],"We":[115],"provide":[116],"catalog":[118],"22":[120],"system-agnostic":[121],"Web":[128],"systems.":[129],"Our":[130],"targets":[132],"39%":[133],"OWASP":[136],"activities":[139],"automated":[141],"by":[142],"state-of-the-art":[143],"techniques.":[144],"automatically":[146],"detected":[147],"10":[148],"out":[149],"12":[151],"affecting":[153],"two":[154],"widely":[155],"systems,":[157],"one":[158],"commercial":[159],"other":[162],"open":[163],"source":[164],"(Jenkins).":[165],"This":[166],"package":[167],"provides":[168],"replicability":[169],"material":[170],"above-mentioned":[173],"results.":[174]},"counts_by_year":[{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":3}],"updated_date":"2026-06-19T17:40:00.097472","created_date":"2025-10-10T00:00:00"}
