You are here
The Security Threat Identification And TEsting (STIATE) toolkit supports development teams toward security assessment of their under-development applications focusing on subtle security logic flaws that may go undetected by using current industrial technology.
Web Site: http://st.fbk.eu/stiate
At design-time, STIATE supports the development teams toward threat modeling and analysis by identifying automatically potential threats (via model checking and mutation techniques) on top of sequence diagrams enriched with security annotations (including WHAT-IF conditions). At run-time, STIATE supports the development teams toward testing by exploiting the identified threats to automatically generate and execute test-cases on the up and running application.
The tool is available on request. Please, send an email to Roberto Carbone.
Contributors: FBK and SAP AG
Acknowledgment: STIATE borrows some of the software components developed for the SPaCIoS Tool, that have been further improved with new usability features (e.g., the STIATE front-end), richer content for the mutation engine, and reduced manual effort for testing execution.