Gonzalez, Danielle and Rath, Michael and Mirakhorli, Mehdi (2020) Did You Remember To Test Your Tokens? In: 17th IEEE/ACM International Conference on Mining Software Repositories, MSR 2020, pp. 232-242. ACM. 2020 IEEE/ACM 17th International Conference on Mining Software Repositories (MSR), 2020-06-29 - 2020-06-30, Seoul, Korea. doi: 10.1145/3379597.3387471. ISBN 978-1-4503-7517-7.
PDF
970kB |
Official URL: https://dl.acm.org/doi/10.1145/3379597.3387471
Abstract
Authentication is a critical security feature for confirming the identity of a system's users, typically implemented with help from frameworks like Spring Security. It is a complex feature which should be robustly tested at all stages of development. Unit testing is an effective technique for fine-grained verification of feature behaviors that is not widely-used to test authentication. Part of the problem is that resources to help developers unit test security features are limited. Most security testing guides recommend test cases in a "black box" or penetration testing perspective. These resources are not easily applicable to developers writing new unit tests, or who want a security-focused perspective on coverage. In this paper, we address these issues by applying a grounded theory-based approach to identify common (unit) test cases for token authentication through analysis of 481 JUnit tests exercising Spring Security-based authentication implementations from 53 open source Java projects. The outcome of this study is a developer-friendly unit testing guide organized as a catalog of 53 test cases for token authentication, representing unique combinations of 17 scenarios, 40 conditions, and 30 expected outcomes learned from the data set in our analysis. We supplement the test guide with common test smells to avoid. To verify the accuracy and usefulness of our testing guide, we sought feedback from selected developers, some of whom authored unit tests in our dataset.
Item URL in elib: | https://elib.dlr.de/136282/ | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Document Type: | Conference or Workshop Item (Speech) | ||||||||||||||||
Title: | Did You Remember To Test Your Tokens? | ||||||||||||||||
Authors: |
| ||||||||||||||||
Date: | 2020 | ||||||||||||||||
Journal or Publication Title: | 17th IEEE/ACM International Conference on Mining Software Repositories, MSR 2020 | ||||||||||||||||
Refereed publication: | Yes | ||||||||||||||||
Open Access: | Yes | ||||||||||||||||
Gold Open Access: | No | ||||||||||||||||
In SCOPUS: | Yes | ||||||||||||||||
In ISI Web of Science: | No | ||||||||||||||||
DOI: | 10.1145/3379597.3387471 | ||||||||||||||||
Page Range: | pp. 232-242 | ||||||||||||||||
Publisher: | ACM | ||||||||||||||||
ISBN: | 978-1-4503-7517-7 | ||||||||||||||||
Status: | Published | ||||||||||||||||
Keywords: | Repository Mining, Unit Test, Java, Authentication, Security Test | ||||||||||||||||
Event Title: | 2020 IEEE/ACM 17th International Conference on Mining Software Repositories (MSR) | ||||||||||||||||
Event Location: | Seoul, Korea | ||||||||||||||||
Event Type: | international Conference | ||||||||||||||||
Event Start Date: | 29 June 2020 | ||||||||||||||||
Event End Date: | 30 June 2020 | ||||||||||||||||
HGF - Research field: | Aeronautics, Space and Transport | ||||||||||||||||
HGF - Program: | Space | ||||||||||||||||
HGF - Program Themes: | other | ||||||||||||||||
DLR - Research area: | Raumfahrt | ||||||||||||||||
DLR - Program: | R - no assignment | ||||||||||||||||
DLR - Research theme (Project): | R - no assignment | ||||||||||||||||
Location: | Jena | ||||||||||||||||
Institutes and Institutions: | Institute of Data Science > Secure Digital Systems | ||||||||||||||||
Deposited By: | Heinze, Thomas | ||||||||||||||||
Deposited On: | 28 Sep 2020 08:55 | ||||||||||||||||
Last Modified: | 24 Apr 2024 20:38 |
Repository Staff Only: item control page