Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Overview
  • Workshop Organizers
  • Workshop Program
  • Co-Located Workshops
  • Activities
    • Birds-of-a-Feather Sessions
  • Students and Grants
  • Sponsorship
  • Questions?
  • Help Promote!
  • For Participants
  • Call for Papers
  • Past Workshops

sponsors

Bronze Sponsor

twitter

Tweets by @usenix

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home ยป TESTREX: a Testbed for Repeatable Exploits
Tweet

connect with us

http://twitter.com/usenixsecurity
http://www.usenix.org/facebook
http://www.usenix.org/linkedin
http://www.usenix.org/gplus
http://www.usenix.org/youtube

TESTREX: a Testbed for Repeatable Exploits

Authors: 

Stanislav Dashevskyi and Daniel Ricardo dos Santos, University of Trento and Fondazione Bruno Kessler; Fabio Massacci, University of Trento; Antonino Sabetta, SAP Labs

Abstract: 

Web applications are the target of many known exploits and also a fertile ground for the discovery of security vulnerabilities. Those applications may be exploitable not only because of the vulnerabilities in their source code, but also because of the environments on which they are deployed and run. Execution environments usually consist of application servers, databases and other supporting applications. In order to test whether known exploits can be reproduced in different settings, better understand their effects and facilitate the discovery of new vulnerabilities, we need to have a reliable testbed. In this paper, we present TESTREX, a testbed for repeatable exploits, which has as main features: packing and running applications with their environments; injecting exploits and monitoring their success; and generating security reports. We also provide a corpus of example applications, taken from related works or implemented by us.

The code is available on the web at https://securitylab.disi.unitn.it/doku.php?id=software

Stanislav Dashevskyi, University of Trento and Fondazione Bruno Kessler

Daniel Ricardo dos Santos, University of Trento and Fondazione Bruno Kessler

Fabio Massacci, University of Trento

Antonino Sabetta, SAP Labs

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

Dashevskyi PDF
View the slides
  • Log in or    Register to post comments

Bronze Sponsors

© USENIX

  • Privacy Policy
  • Contact Us