2025
Authors
Ferreira, A; Barroso, J; Reis, A; Gouveia, AJ;
Publication
Smart Innovation, Systems and Technologies
Abstract
This article presents a systematic review of the most prevalent vulnerabilities plaguing web and mobile applications. By analyzing recent research, it identifies a core set of vulnerabilities, including injection flaws, broken authentication, cross-site scripting (XSS), and insecure direct object references. Recognizing the human element, the article acknowledges the role of social engineering in exploiting these technical weaknesses. The review delves deeper, exploring how these vulnerabilities manifest differently across web and mobile platforms, considering factors like server-side security and API access. The research concludes by advocating for a defense strategy, emphasizing the importance of secure coding practices, robust authentication, and user awareness training. This comprehensive approach paves the way for a more secure digital landscape where both web and mobile applications can thrive. © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025.
2025
Authors
Pereira, R; Lima, C; Pinto, T; Barroso, J; Reis, A;
Publication
Smart Innovation, Systems and Technologies
Abstract
The Industry 4.0 paradigm (I4.0) supports the improvement of industrial processes through Information and Communication Technologies (ICT), with information systems providing real-time information to humans and machines, in order to make the production process more flexible and efficient. In this context, Virtual Assistants (VA) collect and process production data and provide contextualized and real-time information to the workers in the production environment. This paper presents a prototype of a VA developed to collect production data from heterogeneous sources in the factory, process them based on contextual information, and provide workers with useful information to assist them in taking informed decisions. In that context, VA can represent a valuable aid to improve overall productivity and efficiency in the I4.0 factories. © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025.
2025
Authors
Barros, A; Neto, H; Cunha, A; Macedo, N; Paiva, ACR;
Publication
FORMAL METHODS, PT II, FM 2024
Abstract
Platforms to support novices learning to program are often accompanied by automated next-step hints that guide them towards correct solutions. Many of those approaches are data-driven, building on historical data to generate higher quality hints. Formal specifications are increasingly relevant in software engineering activities, but very little support exists to help novices while learning. Alloy is a formal specification language often used in courses on formal software development methods, and a platform, Alloy4Fun, has been proposed to support autonomous learning. While non-data-driven specification repair techniques have been proposed for Alloy that could be leveraged to generate next-step hints, no data-driven hint generation approach has been proposed so far. This paper presents the first data-driven hint generation technique for Alloy and its implementation as an extension to Alloy4Fun, being based on the data collected by that platform. This historical data is processed into graphs that capture past students' progress while solving specification challenges. Hint generation can be customized with policies that take into consideration diverse factors, such as the popularity of paths in those graphs successfully traversed by previous students. Our evaluation shows that the performance of this new technique is competitive with non-data-driven repair techniques. To assess the quality of the hints, and help select the most appropriate hint generation policy, we conducted a survey with experienced Alloy instructors.
2025
Authors
Kuroishi, PH; Paiva, ACR; Maldonado, JC; Vincenzi, AMR;
Publication
INFORMATION AND SOFTWARE TECHNOLOGY
Abstract
Context: Testing activities are essential for the quality assurance of mobile applications under development. Despite its importance, some studies show that testing is not widely applied in mobile applications. Some characteristics of mobile devices and a varied market of mobile devices with different operating system versions lead to a highly fragmented mobile ecosystem. Thus, researchers put some effort into proposing different solutions to optimize mobile application testing. Objective: The main goal of this paper is to provide a categorization and classification of existing testing infrastructures to support mobile application testing. Methods: To this aim, the study provides a Systematic Mapping Study of 27 existing primary studies. Results: We present a new classification and categorization of existing types of testing infrastructure, the types of supported devices and operating systems, whether the testing infrastructure is available for usage or experimentation, and supported testing types and applications. Conclusion: Our findings show a need for mobile testing infrastructures that support multiple phases of the testing process. Moreover, we showed a need for testing infrastructure for context-aware applications and support for both emulators and real devices. Finally, we pinpoint the need to make the research available to the community whenever possible.
2025
Authors
Silva, M; Paiva, ACR; Mendes, A;
Publication
SOFTWARE QUALITY JOURNAL
Abstract
Software testing plays a fundamental role in software engineering, involving the systematic evaluation of software to identify defects, errors, and vulnerabilities from the early stages of the development process. Education in software testing is essential for students and professionals, as it promotes quality and favours the construction of reliable software solutions. However, motivating students to learn software testing may be a challenge. To overcome this, educators may incorporate some strategies into the teaching and learning process, such as real-world examples, interactive learning, and gamification. Gamification aims to make learning software testing more engaging for students by creating a more enjoyable experience. One approach that has proven effective is to use serious games. This paper presents a novel serious game to teach white-box testing test case design techniques, named GAMFLEW (GAMe For LEarning White-box testing). It describes the design, game mechanics, and its implementation. It also presents a preliminary evaluation experiment with students to assess the usability, learnability, and perceived problems, among other aspects. The results obtained are encouraging.
2025
Authors
Vincenzi, AMR; Kuroishi, PH; Bispo, J; da Veiga, ARC; da Mata, DRC; Azevedo, FB; Paiva, ACR;
Publication
JOURNAL OF SYSTEMS AND SOFTWARE
Abstract
Mutation testing may be used to guide test case generation and as a technique to assess the quality of test suites. Despite being used frequently, mutation testing is not so commonly applied in the mobile world. One critical challenge in mutation testing is dealing with its computational cost. Generating mutants, running test cases over each mutant, and analyzing the results may require significant time and resources. This research aims to contribute to reducing Android mutation testing costs. It implements mutation testing operators (traditional and Android-specific) according to mutant schemata (implementing multiple mutants into a single code file). It also describes an Android mutation testing framework developed to execute test cases and determine mutation scores. Additional mutation operators can be implemented in JavaScript and easily integrated into the framework. The overall approach is validated through case studies showing that mutant schemata have advantages over the traditional mutation strategy (one file per mutant). The results show mutant schemata overcome traditional mutation in all evaluated aspects with no additional cost: it takes 8.50% less time for mutant generation, requires 99.78% less disk space, and runs, on average, 6.45% faster than traditional mutation. Moreover, considering sustainability metrics, mutant schemata have 8.18% less carbon footprint than traditional strategy.