Functional Testing Techniques aim to verify if a software application functions as intended according to the requirements and specifications. Security Testing Techniques focus on identifying and mitigating vulnerabilities in a software application that could be exploited by attackers.
This course is part of Master of Computer Science (Software & Security Engineering track) programme at university of Genoa, Italy.
- Basics of Web Applications
- Functional Testing
- Manual vs. Automated Testing
- Software Testing Fundamentals (Approaches and Techniques)
- Unit Testing Tools (e.g., JUnit - TestNG)
- Automated Testing Approaches and Tools for Web/Mobile Applications
- Ex. Selenium WebDriver
- Continuous Integration
- Tools: Jenkins - GitHub Actions
- API Testing
- Tools: Postman
- Mobile Testing
- Testing Framework: Appium
In the context of this course, four web applications were subjected to testing procedures. Two of these applications were tested manually, while the remaining applications were tested using automated tools – specifically, Selenium and Assessor+.
A list of the four web applications tested is provided below:
- Bludit: This web application was tested using Selenium and Assessor+.
- Claroline: This web application was tested manually using Java programming language, JUnit 5, and Selenium WebDriver.
- Mantisbt: This web application was tested manually using Java programming language, JUnit 5, and Selenium WebDriver.
- Prestashop: This web application was tested using Selenium and Assessor+.
- General Introduction
- Introduction to Cybersecurity
- Automated Security Tools
- The HTTP Protocol
- Command Injection
- Client-side Vulnerability
- Denial of Service Attack (DoS)
- Mobile Security
This project implements a monitoring service for web service environments, it is developed in Kotlin by me.
The goal is to monitor a company's website for potential vulnerabilities. The program supports MySQL, WordPress, MongoDB, and Apache Web Server, also it will:
- Take a list of network services (IP, port, URL, service type) as input.
- Dynamically discover the running version of each service (e.g., WordPress 6.4.3).
- Identify potential vulnerabilities based on the service type and version using public vulnerability databases.
The developed program is able to run in two ways:
- Manually Takes Input File (Json file is supported)
- Automatically finds different networks in Docker and gets one from user selection, and look for its services and their vulnerabilities.
This project is done individually and the program will generate a report file (both PDF and Json) listing vulnerabilities affecting each service, if any.
The project is available at this link.
In parallel with the development of this tool, I created an open-source Kotlin library named VulnerabilityFinder. This library simplifies interacting with the National Vulnerability Database (NVD) website within Kotlin applications, facilitating the retrieval of service vulnerability information.
This project is intended to develop a tool for the course. It is crucial to remember that this tool should be used responsibly and ethically. I strongly advocate for its use in improving the security of your own applications and services, and not for any malicious or unlawful activities.
By utilizing this project, you agree to the following conditions:
- You accept full responsibility for any outcomes resulting from the use of this project.
- The project contributors cannot be held accountable for any damages or harm resulting from the misuse of this tool.
- We retain the authority to revoke access to the project for any breach of these terms.
The instructor for the Security part is Enrico Cambiaso.