Data integration and ADTree, Test Cases Generation

In this page we present the elements used for the data integration in order to classify a set of security patterns and CAPEC attack patterns. In addition, we put in the toolkit used for Attack Defense Trees (ADTree), and Given, When, Then (GWT) Cucumber testcases.

Database Acesss :

In order to generate such a database, a set of Talend scripts are firstly used in order to integrate data in a datastore which will be used for ADTrees and test cases generation.

 

Link to Download the scripts:

 

Use the following link to download the tool used for the ADTrees and test cases generation. The tool makes use of The Attack-Defense Tree Tool (ADTool) in order to drow and analyse attack defense trees. In addition, OWASP Zaproxy and Selenium WebDriver are also used for test cases execution.

A set of ADTrees generated with our method is available to download using the following link.

The cited toolkit has been tested through an experiment with 24 participants. The results of the experiment are available to download in the next link. The Experiment was conducted throug two parts, in the first part the participants have chosen security patterns for two attacks and wrote tests without our method. In the second part they did the same tasks using our toolkit in addtion to some documentations and definitions.