Alexandre VERNOTTE


Summary

I am completing my PhD in Application Security Testing under the direction of Prof. Bruno Legeard and Dr. Fabien Peureux, entitled “Pattern-driven and Model-based Vulnerability Testing for Web Applications”. I will complete my dissertation by this summer and receive my PhD in September 2015.

My research is centered on creating a Web Application Vulnerability Testing technique by means of attack patterns coupled with Model-Based Testing, called PMVT. I have been involved in two research projects. The first was a French PIA Project called Dynamic Application Security Testing (DAST – ), and the second one is an EU FP7 project called RASEN ( ) and is about compositional risk assessment and security testing of networked systems.

After completion of my PhD, I plan on pursuing an academic career. I am therefore actively looking for a post-doctoral position in cybersecurity, preferably in the US, to pursue research in computer security in a fresh environment.

My skills:
Vulnerability testing
Risk assessment
Software Testing
Python Programming
Agile Scrum


  • KTH Royal Institute of Technology - Post doc

    2015 - present
  • Institut Femto-ST - PhD Student

    Besançon 2012 - 2015

    The goal of this thesis was to propose an original approach, dubbed PMVT for Pattern-driven and Model-based Vulnerability Testing, to improve the capability for detecting four high-profile vulnerability types, Cross-Site Scripting, SQL Injections, CSRF and Privilege Escalations, and reduce false positive and false negative verdicts.
    PMVT relies on the use of a behavioral model of the application, capturing its functional aspects, and a set of vulnerability test patterns that address vulnerabilities in a generic way.
    By adapting existing Model-Based Testing technologies, an integrated toolchain that supports PMVT has been designed to automate the detection of the four vulnerability types in Web applications. This prototype has been experimented with and evaluated on two real-life Web applications that are currently used by tens of thousands of users.
    Experiments have highlighted the effectiveness and efficiency of PMVT and shown a strong improvement of vulnerability detection capabilities w.r.t. available automated Web application scanners for these kinds of vulnerabilities.


