Tue 5 Dec 2023 14:45 - 15:00 at Golden Gate C1 - Testing II Chair(s): Brittany Johnson

Software security testing, and penetration testing in particular, requires high levels of expertise and involves many manual testing and analysis steps. This paper explores the potential usage of large language models, such as GPT3.5, to augment penetration testers with AI sparring partners. We explore the feasibility of supplementing penetration testers with AI models for two distinct use cases: high-level task planning for security testing assignments and low-level vulnerability hunting within a vulnerable virtual machine. For the latter, we implemented a closed feedback loop between LLM-generated low-level actions and a vulnerable virtual machine (connected through SSH) and allowed the LLM to analyze the machine state for vulnerabilities and suggest concrete attack vectors, which were automatically executed within the virtual machine. We discuss promising initial results, detail avenues for improvement, and close by deliberating on the ethics of providing AI-based sparring partners.

Tue 5 Dec

Displayed time zone: Pacific Time (US & Canada)

14:00 - 15:30
14:00
15m
Talk
Statfier: Automated Testing of Static Analyzers via Semantic-preserving Program Transformations
Research Papers
Huaien Zhang Southern University of Science and Technology, The Hong Kong Polytechnic University, Yu Pei Hong Kong Polytechnic University, Junjie Chen Tianjin University, Shin Hwei Tan Concordia University
14:15
15m
Talk
Towards Efficient Record and Replay: A Case Study in WeChat
Industry Papers
Sidong Feng Monash University, Haochuan Lu Tencent, Ting Xiong Tencent Inc., Yuetang Deng Tencent Inc., Chunyang Chen Monash University
14:30
15m
Talk
Contextual Predictive Mutation Testing
Research Papers
Kush Jain Carnegie Mellon University, Uri Alon Carnegie Mellon University, Alex Groce Northern Arizona University, Claire Le Goues Carnegie Mellon University
14:45
15m
Talk
Towards Automated Software Security Testing: Augmenting Penetration Testing through LLMs
Ideas, Visions and Reflections
Andreas Happe TU Wien, Jürgen Cito TU Wien
15:00
7m
Talk
LazyCow: A Lightweight Crowdsourced Testing Tool for Taming Android Fragmentation
Demonstrations
Xiaoyu Sun Australian National University, Australia, Xiao Chen Monash University, Yonghui Liu Monash University, John Grundy Monash University, Li Li Beihang University
15:08
7m
Talk
Rotten Green Tests in Google Test
Industry Papers
15:15
15m
Talk
MuAkka: Mutation Testing for Actor Concurrency in Akka Using Real-World Bugs
Research Papers
Mohsen Moradi Moghadam Oakland University, Mehdi Bagherzadeh Oakland University, Raffi Khatchadourian City University of New York (CUNY) Hunter College, Hamid Bagheri University of Nebraska-Lincoln