Towards Security-aware Mutation Testing

Thomas Loise, Xavier Devroey, Gilles Perrouin, Mike Papadakis, Patrick Heymans

Research output: Contribution in Book/Catalog/Report/Conference proceedingConference contribution

49 Downloads (Pure)


Mutation analysis forms a popular software analysis technique that has been demonstrated to be useful in supporting multiple software engineering activities. Yet, the use of mutation analysis in tackling security issues has received little attention. In view of this, we design security aware mutation operators to support mutation analysis. Using a known set of common security vulnerability patterns, we introduce 15 security-aware mutation operators for Java. We then implement them in the PIT mutation engine and evaluate them. Our preliminary results demonstrate that standard PIT operators are unlikely to introduce vulnerabilities similar to ours. We also show that our security-aware mutation operators are indeed applicable and prevalent on open source projects, providing evidence that mutation analysis can support security testing activities.
Original languageEnglish
Title of host publicationProceedings - 10th IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2017
Subtitle of host publicationMutation 2017
Number of pages6
ISBN (Electronic)9781509066766
Publication statusPublished - 13 Mar 2017
Event12th International Workshop on Mutation Analysis (Mutation 2017) - Tokyo, Japan
Duration: 13 Mar 201713 Mar 2017
Conference number: 12

Publication series

NameICSTW '17

Scientific committee

Scientific committee12th International Workshop on Mutation Analysis (Mutation 2017)
Abbreviated titleMutation 2017
Internet address


  • mutation analysis
  • mutation operators
  • security testing
  • PIT
  • FindBugs
  • Security Testing
  • Mutation operators
  • Mutation analysis

Fingerprint Dive into the research topics of 'Towards Security-aware Mutation Testing'. Together they form a unique fingerprint.

Cite this