10. Who am I? (The not so technical background)
Someone who decided to study computer science
bachelor@University of Trento
Worked for 2 years as bartender
Joined Software Engineering unit in 2008 (as Software Engineer)
Then… more stuff, master@University of Trento
Joined PhD program in 2009 (25th cycle)
Got my PhD in December 2013 with the thesis “Security Testing of Web and Smartphone Applications”
PostDoc with the Software Engineering unit
11. The Software Engineering unit
Requirements: Which functionalities is the system going to provide and why?
Test Cases: Is the system delivering the expected functionalities and how?
Software System
Quality of the resulting system depends on the quality of requirement specification and on the quality of testing
Research projects:
• Requirements elicitation and analysis for complex Socio-Technical Systems
  • Mixing participatory and goal-oriented elicitation approaches [Acube, Made in Italy]
  • Regulatory compliance and risk analysis [RISCOSS]
• Code analysis and testing
  • Reverse and re-engineering [CERN, IBT]
  • Web testing and automated test case generation [FITTEST]
  • Security testing and software protection [ASPIRE]
International Conferences:
• ISSTA 2010: ACM Int. Symp. on Software Testing and Analysis
• RE 2011: IEEE Int. Requirements Eng. Conf.
• ICSM 2012: IEEE Int. Conf. on Software Maintenance
18. What the PhD is.. aka The illustrated guide to PhD
The human knowledge
After elementary school
After high school
After the bachelor
After the master
Reading papers
http://matt.might.net/articles/phd-school-in-pictures/
21. What the PhD is (2)
Once at the boundaries, you focus
Then, one day…
22. What the PhD is (2)
In any case, don’t forget the big picture… keep pushing!
24. What my PhD was.. aka first contact with PhD world
My first official presentation was at the 6th International Workshop on Software Engineering for Secure Systems in 2010
Towards security testing with taint analysis and genetic algorithms, Andrea Avancini and Mariano Ceccato
[Real reproduction of my face that morning]
25. After that… we published some works..
• Avancini A., Ceccato M., Comparison and integration of genetic algorithms and dynamic symbolic execution for security testing of cross-site scripting vulnerabilities, in «INFORMATION AND SOFTWARE TECHNOLOGY», vol. 55, 2013, pp. 2209-2222
• Avancini A., Ceccato M., Security Oracle Based on Tree Kernel Methods, Trustworthy Eternal Systems via Evolving Software, Data and Knowledge, 2013, pp. 30-43
• Andrea Avancini, Mariano Ceccato, Circe: A grammar-based oracle for testing Cross-site scripting in web applications, in Proceedings of the 20th Conference on Reverse Engineering, WCRE, 2013, pp. 262-271, (20th International Conference on Reverse Engineering, Koblenz, Germany, November 2013)
• Andrea Avancini, Mariano Ceccato, Security Testing of the Communication among Android Applications, Proceedings of the 8th International Workshop on Automation of Software Test, IEEE Computer Society, 2013, pp. 57-63, (8th International Workshop on Automation of Software Test, San Francisco, CA, USA, 18-19 May 2013)
• Andrea Avancini, Mariano Ceccato, Security Testing of Web Applications: A Research Plan, in IEEE, Proceedings of 34th International Conference on Software Engineering (ICSE 2012), 2012, (ICSE 2012, Zurich, from 06/02/2012 to 06/09/2012)
• Andrea Avancini, Mariano Ceccato, Grammar Based Oracle for Security Testing of Web Applications, Proceedings of the 7th International Workshop on Automation of Software Test (AST), IEEE, 2012, pp. 15-21, (7th International Workshop on Automation of Software Test (AST), Zurich, Switzerland, 02/06/2012)
• A. Avancini, M. Ceccato, Towards a Security Oracle Based on Tree Kernel Methods, Proceedings of 2012 Joint Workshop on Intelligent Methods for Software System Engineering, 2012, pp. 1-4, (2012 Joint Workshop on Intelligent Methods for Software System Engineering, Montpellier, France, 08/28/2012)
• Andrea Avancini, Mariano Ceccato, Security Testing of Web Applications: a Search Based Approach for Cross-Site Scripting Vulnerabilities, Proceedings of Eleventh IEEE International Working Conference on Source Code Analysis and Manipulation, IEEE Computer Society, 2011, pp. 85-94, (2011 11th IEEE International Working Conference on Source Code Analysis and Manipulation, Williamsburg, VA, USA, from 25/09/2011 to 26/09/2011)
28. In summary… A PhD helps you to..
• Learn how to communicate
• Learn how to learn and to discover on your own
• Learn how to get stuff done
• Learn how to work with other people