20th TAROT Summer School on Software Testing, Verification & Validation

Speakers

Anna Rita Fasolino

Professor, University of Napoli Federico II

A look into current trends in software testing education

Abstract: Software testing plays a crucial role in software development but is often neglected, leading to a shortage of skilled professionals in the industry. While universities have made efforts to enhance teaching methodologies, challenges remain—particularly in bridging the gap between theoretical knowledge and practical application to better equip students for their careers. This talk explores how software testing is taught in academia, considering insights from both students and instructors. It will highlight the key difficulties students encounter in software testing courses and present educators’ perspectives on the strategies they employ and the obstacles they face. Finally, the discussion will examine emerging approaches, such as gamification and challenge-based learning, as promising methods to address these challenges and align teaching practices with students' learning needs.

Short Bio: Anna Rita Fasolino is a Full Professor of Software Engineering at the Department of Electrical Engineering and Information Technology (DIETI) of the University of Napoli Federico II (Italy), where she leads the Research Group in Software Engineering "ReverSE". She received the M.S. Laurea degree cum laude in Electronic Engineering in 1992 and a Ph.D. in Electronic and Computer Engineering in 1996, both at the University of Naples Federico II. Her main research interests fall in the areas of Software Engineering, Software Maintenance, Reverse Engineering, Web Engineering and Mobile Application Testing. She has co-authored more than 100 papers in international scientific journals (IEEE Software, Journal of Systems and Software, Software Testing Verification and Reliability, Software Process and Evolution, etc.), book chapters (Advances on Computers, Web Engineering), and proceedings of international Conferences (International Conference on Software Maintenance, Automated Software Engineering, Conference on Program Comprehension, International Conference on Software Testing, etc.).

 

Eider Iturbe

Senior Researcher, TECNALIA, Spain

Threat assessment and adversarial testing of AI-based systems

Abstract: Artificial Intelligence (AI)-based systems have become integral to modern digital infrastructures, offering intelligence and decision-making support. However, these systems are increasingly targeted by malicious attacks. This session will explore the primary threats and relevant standards concerning AI system security. Following this, a security risk assessment methodology designed to help AI system owners and providers evaluate potential risks will be introduced. The session will conclude with a practical demonstration.

Short Bio: Eider Iturbe (ORCID 0000-0002-5458-6049) is a senior researcher in the Cybersecurity team at the Digital Unit of Tecnalia Research & Innovation in Spain. She specializes in various areas of cybersecurity, including risk management, intrusion detection, incident response, cyber threat intelligence, and the application of Artificial Intelligence in cybersecurity. With over 15 years of experience in R&D&I and technology transfer projects in ICT and Cybersecurity, Eider has participated in 15 international research projects, where she has served as both a senior researcher and technical manager. She holds an M.Eng in Telecommunications Engineering and a European Master in Project Management from the University of the Basque Country.

 

Javier Arcas

Senior Researcher, TECNALIA, Spain

Attack emulation and simulation for Intrusion Detection System implementation and testing

Abstract: This session will provide an overview of the differences and methodologies of attack emulation and attack simulation. Both methods are valuable for the implementation and testing of Intrusion Detection Systems; however, the choice of method depends on the resources available to the user. The advantages and disadvantages of each approach will be examined. The session will include practical demonstrations of both methods, and students will have the opportunity to engage in hands-on activities with the attack simulation tool and provide their feedback.

Short Bio: Javier Arcas (ORCID 0000-0001-6733-3713) has been a senior researcher at the Medical Technologies Unit of TECNALIA Research & Innovation in Spain since 2009 and holds a Bachelor of Industrial Engineering and a degree in Work Design and Industrial Organization from the Industrial Engineering School in Bilbao, Spain. He has focused on interactive robotic platforms for people with disabilities, tele-rehabilitation interfaces for stroke recovery, development of tools to improve interaction for people with disabilities, software frameworks for IoT that allow user behaviour inference and risk situation monitoring, balance assessment and training applications and sensorized exoskeletons for rehabilitation and prevention of musculoskeletal injuries. Currently, he is working in the field of cybersecurity, developing predictive models for event detection and analysis in the DYNABIC project.

 

Phu Nguyen, Ph.D.

Senior Research Scientist, SINTEF Digital, Norway

Digital Twin-Based Security Orchestration, Automation and Response for the Business Continuity of Critical Infrastructures

Abstract: The digitisation leveraging technologies in the Internet of Things (IoT) and Cyber-Physical Systems (CPS) has been largely adopted together with the Digital Twin (DT) paradigm. However, the distributed and heterogeneous nature of IoT or CPS poses significant challenges in safeguarding against diverse attack surfaces, including physical devices, network infrastructures, and third-party integration. Furthermore, the evolving security threats and potential cascading effects from cyber attacks add another layer of complexity to the security landscape. In this talk, we present a digital twin-based security orchestration, automation and response framework, striving for business continuity (SOAR4BC). Leveraging system contexts from the DT in combination with security intelligence from the security tools gives us a holistic context for SOAR, which has not been seen in the existing approaches. By subjecting different types of (cyber-)security incident responses to rigorous experimental evaluation, we substantiate the efficacy and reliability of the SOAR4BC framework in detecting and responding to security (and business continuity) violations within simulated digital twin environments. Through this lecture, we offer novel insights into the convergence of digital twin technology and cybersecurity, illuminating the unique challenges and opportunities inherent in DT-based IoT and CPS systems.

Short Bio: Phu H. Nguyen is a senior research scientist at SINTEF in Oslo, Norway. He conducts research in Software Engineering, with a focus on new tools and methodologies for software development and operation of intelligent and trustworthy systems spanning across the IoT, edge, and cloud continuum with a particular focus on sustainability. He has experience from working in international research projects in the EU as well as research and development projects with industry in Norway. He has an international education and research background, from Vietnam (BSc) to the Netherlands (MSc), Luxembourg (Ph.D.), and Norway. He is also an active reviewer of high-impact journals (e.g., TSE, SoSyM, INFSOF, JSS), and a PC member and organiser of conferences and workshops. He was awarded a certificate for exceptional contributions, support, and commitment in the organization of the Sixth IEEE International Conference on Software Testing, Verification and Validation (ICST 2013), an IBM award for displaying exceptional personal dedication, teamwork, and contribution to the ibm.com project 2007, and the first prize at the LuxDoc Science Slam 2014 for communicating research to the public.

 

Wissam Mallouli, Ph.D.

Senior Researcher, Montimage, France

Advanced Network Fuzzing for Networked System Testing

Abstract: In this lecture, we will explore the topic of network fuzzing, a powerful technique for networked system testing, used to identify both software bugs and security vulnerabilities that may affect the reliability and robustness of networked applications. Network fuzzing allows automatically generating and injecting malformed or unexpected inputs into network communications leading to potential crashes, unexpected behaviours, or security breaches. This session will provide both theoretical insights and practical demonstrations using the Montimage Network Fuzzer, an open-source tool designed to enhance automated testing.

Short Bio: Dr. Wissam Mallouli is a senior researcher and project coordinator at Montimage, a French SME specializing in cybersecurity solutions. He has extensive expertise in network security, software testing and AI-driven security, contributing to multiple European research projects focused on automated security, AI-based analysis, and resilient system design. He regularly participates in international conferences, workshops, and training programs, sharing his knowledge on cybersecurity and testing technologies.

Alessandra De Benedictis

Associate Professor, University of Napoli Federico II

Security Risk Analysis and Assessment

Abstract: In an era where cyber threats are increasingly sophisticated, understanding security risk analysis and assessment is crucial for protecting sensitive information. This lecture offers an overview of the key concepts and practices involved in identifying and mitigating security risks. Participants will learn about the different types of security risks, the methodologies for analyzing these risks, and the steps involved in conducting thorough security assessments. The session will cover essential topics such as threat identification, risk evaluation, and security maturity models.

Short Bio: Alessandra De Benedictis received her M.S. degree in Computer Engineering in 2009 and her Ph.D. in Computer and Automation Engineering in 2013, both from the University of Naples Federico II, Naples, Italy. She is currently an assistant professor at the Department of Electrical Engineering and Information Technology of the University of Naples Federico II. Her research interests mainly involve the design and evaluation of secure architectures for the protection of distributed systems. She is particularly interested in the definition of methodologies for the development of applications able to offer well-defined security guarantees, both in the cloud environment and in the presence of resource constraints. Other relevant research activities include the investigation of moving target defense mechanisms and of embedded security solutions based on reconfigurable hardware.

 

Gürkan Gür

Dr, Zurich University of Applied Sciences, School of Engineering

Short Bio: Dr. Gürkan Gür is a senior lecturer at Zurich University of Applied Sciences (ZHAW) InIT Information Security Group in Winterthur, Switzerland. He received his B.S. degree in electrical engineering in 2001 and Ph.D. degree in computer engineering in 2013 from Bogazici University in Istanbul, Turkey. His research interests include Future Internet, 5G and Beyond networks, information security, and critical infrastructure protection. Currently, he is involved in Horizon Europe NATWORK (https://natwork-project.eu/), MSCA SE ENSURE-6G (https://ensure-6g.eu/) and SNSF-NSF co-funded SATUQ (https://www.zhaw.ch/en/research/project/76264) projects. He is a member of IEEE 3394 S2CY - Space System Cybersecurity and IEEE 1920.2 Vehicle-to-Vehicle Communications for Unmanned Aircraft Systems standardization work groups. He is a senior member of IEEE and a member of ACM.

 

Carlo Mazzocca

Researcher, Università di Salerno, Dipartimento di Ingegneria dell'Informazione ed Elettrica e Matematica applicata

Federated Learning: Does It Truly Protect My Privacy?

Abstract: Federated Learning (FL) is often promoted as a privacy-preserving approach for machine learning, allowing clients to collaboratively train a shared model without outsourcing their private data. However, does this inherently guarantee privacy? In this talk, we will critically examine the privacy risks that persist in FL, including inference attacks and gradient leakage. While FL offers significant privacy advantages over centralized learning, we will uncover why it is not a silver bullet.

Short Bio: Carlo Mazzocca received his Ph.D. in Computer Science and Engineering from the University of Bologna, Italy, in 2024, and his M.Sc. in Computer Engineering from the University of Naples Federico II, Italy, in 2020. He is currently a Tenure-Track Assistant Professor at the University of Salerno. His research interests include digital identity, security mechanisms based on distributed ledger technologies, and security and privacy in machine learning.

Porfirio Tramontana

Professor, University of Napoli Federico II

Experiences in Teaching Software Testing By Gamification

Abstract: A common problem in software testing teaching is related to the negative perception that students have of this kind of activity, since they are generally more engaged by more ‘constructive’ activities, such as software design and implementation. A promising solution is represented by gamification, which consists of bringing real problems related to software testing to a playful context. Several approaches for teaching testing topics by gamification have recently been experimented with in the context of the European project called ENACTEST, providing useful feedback from students in terms of engagement and acquired competencies.

Short Bio: Porfirio Tramontana is an Associate Professor in Computer Science at the Department of Electrical Engineering and Information Technology of the University of Napoli Federico II, Italy. He has taught lectures for more than 50 academic courses since 2005 in the fields of information science and technology. He is the author or co-author of more than 75 peer reviewed papers published in international conference proceedings and journals. His main research interests fall in the field of software engineering and include automation of reverse engineering, reuse, reengineering, migration, maintenance models, testing, quality assessment, semantic interoperability, software engineering education in particular in the contexts of Web applications, Web services and mobile applications. He has served on many editorial committees of international conferences and journals.  

 

Eleni Seralidou

Project Manager, Trustilio

Software Security: Theory and Hands-On Training

Abstract: This lecture covers key software security concepts, research insights, and practical DevSecOps strategies. Participants will explore common vulnerabilities, risk assessment methods, and hands-on techniques for identifying and fixing security issues.

What You'll Learn:

  • Core security concepts and research-backed insights
  • How to identify and assess vulnerabilities
  • Strategies for prioritizing and mitigating risks
  • Best practices for secure coding and remediation

Short Bio: Dr. Eleni Seralidou is a Project Manager/Analyst at Trustilio B.V., specializing in cybersecurity, secure software development, code auditing, and vulnerability assessment. She holds a PhD in collaborative internet tools and an MSc in advanced informatics and computing systems from the University of Piraeus, Greece, and has authored multiple scientific articles in conferences and journals since 2010. 

 

Zoltán Ságodi

Researcher, University of Szeged, Software Engineering Department

AI-Powered Security Analysis

Abstract: Ensuring software security requires effective vulnerability detection and mitigation. Traditional methods, such as static analysis and symbolic execution, are widely used but face challenges including false positives, path explosion, and the lack of runtime context. This lecture explores how AI enhances these techniques, improving detection accuracy and enabling automated vulnerability repair. Key topics include static and symbolic analysis, AI-driven path pruning for symbolic execution, and large language models (LLMs) for vulnerability detection and code repair. The session features interactive exercises and live demonstrations, showcasing recent research advancements and practical applications of AI in security analysis.

Short Bio: Zoltán Ságodi is a researcher at the University of Szeged, specializing in source code analysis. His research journey began during his BSc studies, focusing primarily on static analysis techniques. In recent years, with the rise of large language models (LLMs), his work has expanded to include AI-driven source code analysis and automated vulnerability fixing. Zoltán has been actively involved in the AI4Cyber project, which contributed to both Vulnerability Detection and Automatic Vulnerability Fixing. Zoltán's research aims to bridge traditional static analysis methods with modern AI approaches, enhancing software security and automated repair techniques.