The Security Threat Identification And TEsting (STIATE) toolkit supports development teams toward security assessment of their under-development applications focusing on subtle security logic flaws that may go undetected by using current industrial technology.
At design-time, STIATE supports the development teams toward threat modeling and analysis by identifying automatically potential threats (via model checking and mutation techniques) on top of sequence diagrams enriched with security annotations (including WHAT-IF conditions). At run-time, STIATE supports the development teams toward testing by exploiting the identified threats to automatically generate and execute test-cases on the up and running application.
Contributors: FBK and SAP AG.
Acknowledgment: STIATE borrows some of the software components developed for the SPaCIoS Tool, that have been further improved with new usability features (e.g., the STIATE front-end), richer content for the mutation engine, and reduced manual effort for testing execution.
Funding: Activity STIATE - Security Threat Identification and Testing, in the context of the EIT ICT Labs activities 2014.