Dra. Alexandra Martínez Porras

Formación académica

  • Doctorado en Ingeniería en Computación, University of Florida, EE. UU., 2007.
  • Maestría en Ingeniería en Computación, University of Florida, EE. UU., 2006.
  • Programa Pre-Doctoral en Informática, École Polytechnique Fédérale de Lausanne, Suiza, 2002.
  • Bachillerato en Computación e Informática, Universidad de Costa Rica, Costa Rica, 2000.

Experiencia laboral

  • Profesora Catedrática, Escuela de Ciencias de la Computación e Informática, Universidad de Costa Rica, Abril 2019 - presente.
  • Profesora Asociada, Escuela de Ciencias de la Computación e Informática, Universidad de Costa Rica, Setiembre 2012 - Abril 2019.
  • Profesora Adjunta, Escuela de Ciencias de la Computación e Informática, Universidad de Costa Rica, Julio 2012 - Setiembre 2012.
  • Profesora Instructora, Escuela de Ciencias de la Computación e Informática, Universidad de Costa Rica, Enero - Julio 2012. 
  • Profesora Invitada, Escuela de Ciencias de la Computación e Informática, Universidad de Costa Rica, Julio 2009 - Diciembre 2011.
  • Ingeniera de Diseño de Pruebas de Software, Microsoft Corp., EE. UU., Noviembre 2007 - Mayo 2009.
  • Asistente de Investigación, University of Florida, EE. UU., Agosto 2005 - Agosto 2007.
  • Asistente de Docencia, University of Florida, EE. UU., Agosto 2002 - Abril 2005.
  • Ingeniera de Software, ArtinSoft, Costa Rica, Agosto 2000 - Setiembre 2001.
  • Asistente de Docencia, Universidad de Costa Rica, Costa Rica, Marzo 1999 - Julio 2000.

Proyectos

Publicaciones

Evaluation of a model-based testing platform for Java applications

Descripción:

Model-based testing (MBT) automates the design and generation of test cases from a model. This process includes model building, test selection criteria, test case generation, and test case execution stages. Current tools support this process at various levels of automation, most of them supporting three out of four stages. Among them is MBT4J, a platform that extends ModelJUnit with several techniques, offering a high level of automation for testing Java applications. In this study, the authors evaluate the efficacy of the MBT4J platform, in terms of the number of test cases generated, errors detected, and coverage metrics. A case study is conducted using two open-source Java systems from public repositories, and 15 different configurations. MBT4J was able to automatically generate five models from the source code. It was also able to generate up to 2025 unique test cases for one system and up to 1044 for the other, resulting in 167 and 349 failed tests, respectively. Transition and transition pair coverage reached 100% for all models. Code coverage ranged between 72 and 84% for the one system and between 59 and 76% for the other. The study found that Greedy and Random were the most effective testers for finding errors.

Tipo de publicación: Journal Article

Publicado en: IET Software

Evaluating a model-based software testing approach in an industrial context: A replicated study

Descripción:

Software organizations are continuously looking for techniques to increase the effectiveness and efficiency of their testing processes. Model-based testing (MBT) is an approach that automates the design and generation of test cases based on a model that represents the system under test. MBT can reduce the cost of software testing and improve the systems quality. However, the introduction of the MBT approach could be complex for software development teams in the industry. This paper replicates a previous study that evaluated the use of MBT by software engineers in an industrial context. The goal of this replication is to evaluate the feasibility and acceptance of the MBT approach from the perspective of quality engineers testing a software application in the industry. We conducted a case study with four quality assurance engineers who modeled one module of the system under test, and then generated and executed a set of test cases using an MBT tool. Participants were able to use MBT to model and test the software system and provided several insights about the challenges and opportunities of using this approach.

Tipo de publicación: Conference Paper

Publicado en: 14th Iberian Conference on Information Systems and Technologies (CISTI)

Comparing the effort and effectiveness of automated and manual tests

Descripción:

This paper presents three case studies that compare the effort and effectiveness of automated versus manual testing, in the context of a multinational services organization. Effort is measured in terms of the total test time, which includes script creation and test execution in the case of automated testing, and comprises test execution and reporting in the case of manual testing. Effectiveness is measured in terms of the number and severity of defects found. The software under test is a set of Java web applications. The testing process was carried out by two testers within the organization. Our results show that automated testing needs a higher initial effort, mainly caused by the creation of the scripts, but this cost can be amortized in time as automated tests are executed multiple times for regression testing. Results also show that automated testing is more effective than manual testing at finding defects.

Tipo de publicación: Conference Paper

Publicado en: 14th Iberian Conference on Information Systems and Technologies (CISTI)

Model-based testing areas, tools and challenges: A tertiary study

Descripción:

Context: Model-based testing is one of the most studied approaches by secondary studies in the area of software testing. Aggregating knowledge from secondary studies on model- based testing can be useful for both academia and industry. 

Objective: The goal of this study is to characterize secondary studies in model-based testing, in terms of the areas, tools and challenges they have investigated. 

Method: We conducted a tertiary study following the guidelines for systematic mapping studies. Our mapping included 22 secondary studies, of which 12 were literature surveys and 10 systematic reviews, over the period 1996–2016. 

Results: A hierarchy of model-based testing areas and subareas was built based on existing taxonomies as well as data that emerged from the secondary studies themselves. This hierarchy was then used to classify studies, tools, challenges and their tendencies in a unified classification scheme. We found that the two most studied areas are UML models and transition-based notations, both being modeling paradigms. Regarding tendencies of areas in time, we found two areas with constant activity through time, namely, test objectives and model specification. With respect to tools, we only found five studies that compared and classified model-based testing tools. These tools have been classified into common dimensions that mainly refer to the model type and phases of the model-based testing process they support. We reclassified all the tools into the hierarchy of model-based testing areas we proposed, and found that most tools were reported within the modeling paradigm area. With regard to tendencies of tools, we found that tools for testing the functional behavior of software have prevailed over time. Another finding was the shift from tools that support the generation of abstract tests to those that support the generation of executable tests. For analyzing challenges, we used six categories that emerged from the data (based on a grounded analysis): efficacy, availability, complexity, professional skills, investment, cost & effort, and evaluation & empirical evidence. We found that most challenges were related to availability. Besides, we too classified challenges according to our hierarchy of model-based testing areas, and found that most challenges fell in the model specification area. With respect to tendencies in challenges, we found they have moved from complexity of the approaches to the lack of approaches for specific software domains. 

Conclusions: Only a few systematic reviews on model-based testing could be found, therefore some areas still lack secondary studies, particularly, test execution aspects, language types, model dynamics, as well as some modeling paradigms and generation methods. We thus encourage the community to perform further systematic reviews and mapping studies, following known protocols and reporting procedures, in order to increase the quality and quantity of empirical studies in model-based testing.

Tipo de publicación: Journal Article

Publicado en: CLEI Electronic Journal

Evaluating Model-Based Testing in an Industrial Project: An Experience Report

Descripción:

Model-based testing (MBT) is an approach that automates the design and generation of test cases based on a model that represents the system under test. MBT can reduce the cost of software testing and improve the quality of systems in the industry. The goal of this study is to evaluate the use of MBT in an industrial project with the purpose of analyzing its efficiency, efficacy and acceptance by software engineers. A case study was conducted where six software engineers modeled one module of a system, and then generated and executed the test cases using an MBT tool. Our results show that participants were able to model at least four functional requirements each, in a period of 20 to 60 min, reaching a code coverage between 39% and 59% of the system module. We discussed relevant findings about the completeness of the models and common mistakes made during the modeling and concretization phases. Regarding the acceptance of MBT by participants, our results suggest that while they saw value in the MBT approach, they were not satisfied with the tool used (MISTA), because it did not support key industry needs.

Tipo de publicación: Conference Paper

Publicado en: Advances in Intelligent Systems and Computing

Using Model-Based Testing to Reduce Test Automation Technical Debt: An Industrial Experience Report

Descripción:

Technical debt is the metaphor used to describe the effect of incomplete or immature software artifacts that bring short-term benefits to projects, but may have to be paid later with interest. Software testing cost is proven to be high due to the time (and resource)-consuming activities involved. Test automation is a strategy that can potentially reduce this cost and provide savings to the software development process. The lack or poor implementation of a test automation approach derives in test automation debt. The goal of this paper is to report our experience using a model-based testing (MBT) approach on two industrial legacy applications and assess its impact on test automation debt reduction. We selected two legacy systems exhibiting high test automation debt, then used a MBT tool to model the systems and automatically generate test cases. We finally assessed the impact of this approach on the test automation technical debt by analyzing the code coverage attained by the tests and by surveying development team perceptions. Our results show that test automation debt was reduced by adding a suite of automated tests and reaching more than 75% of code coverage. Moreover, the development team agrees in that MBT could help reduce other types of technical debt present in legacy systems, such as documentation debt and design debt. Although our results are promising, more studies are needed to validate our findings.

Tipo de publicación: Conference Paper

Publicado en: Advances in Intelligent Systems and Computing

Incorporando pruebas basadas en modelos para servicios web en un proceso de desarrollo ágil: Un caso de estudio en la industria

Descripción:

Los equipos ágiles enfrentan dificultades para poder realizar pruebas de software a profundidad, dadas las iteraciones cortas de desarrollo. En muchos casos, las pruebas para servicios web se realizan manualmente, consumen mucho tiempo y requieren la experiencia de los miembros del equipo. Un enfoque de pruebas basadas en modelos, que permita la automatización de estas pruebas, podría mejorar la eficiencia del proceso y la calidad de los productos sin embargo, su adopción no debería contravenir los valores, principios y prácticas de las metodologías ágiles. En este caso de estudio discutimos el proceso realizado para incorporar pruebas basadas en modelos para automatizar las pruebas de servicios web en un equipo que implementa prácticas ágiles, y analizamos su efectividad al usar la herramienta TestOptimal sobre servicios web RESTful. Asimismo, discutimos las percepciones de los miembros del equipo, los retos y oportunidades de uso de este tipo de enfoques en equipos ágiles. Los resultados indican que las pruebas basadas en modelos permiten aumentar la cantidad de casos de prueba y defectos encontrados. Por su parte, los miembros del equipo consideran que para aumentar la aceptación de estos enfoques durante el desarrollo de un proyecto ágil, son esenciales el conocimiento para el modelado y las herramientas de apoyo. A pesar de que se logra una mejora en la generación de casos de pruebas automatizados y en la detección de errores, las pruebas basadas en modelos se perciben como un enfoque complejo de aplicar.

Tipo de publicación: Magazine Article

Publicado en: Revista Ibérica de Sistemas e Tecnologias de Informação

Characterization of DevOps practices in software development organizations: A systematic mapping

Descripción:

DevOps is a set of software engineering practices that combine efforts from development and operations areas, with the aim of improving delivery time and software quality. The goal of this study is to characterize DevOps practices used by organizations that develop software. For this, we performed a systematic literature mapping covering the period 2015-2019. In total, 42 primary articles were included and analyzed. We identified and classified a total of 20 DevOps practices, 18 criteria to evaluate DevOps practices, 16 benefits and 19 challenges related to DevOps’ adoption. Our results show the need for more empirical studies in organizations, which directly address issues like evaluation criteria to assess the operation of DevOps practices.

Tipo de publicación: Journal Article

Publicado en: Revista Ibérica de Sistemas e Tecnologias de Informação

Decision support systems that use artificial intelligence for precision agriculture: a systematic literature mapping

Descripción:

Decision support systems for agriculture allow to optimize crop processes by using the least amount of resources (land, water and fertilizers). In this study, we characterized decision support systems that use artificial intelligence (AI) techniques for precision agriculture processes. A total of 12 artificial intelligence techniques and 73 input variables were identified, with climate variables being the most used. Keywords: decision support systems; artificial intelligence; precision agriculture; greenhouses.

Tipo de publicación: Journal Article

Publicado en: Revista Ibérica de Sistemas e Tecnologias de Informação

Use of data mining and machine learning techniques for fraud detection in financial statements: A systematic mapping study

Descripción:

Fraud detection in financial statements is a constant and laborious task in the audit area. Traditionally, this task has been performed by experts, limiting its scope due to restrictions in manual processing capacity. In recent years, there has been an increase in the use of data mining and machine learning techniques to review in a comprehensive and automated way the organizations’ financial statements. The objective of this study was to analyze data mining and machine learning techniques used in financial fraud detection, in order to characterize the reported algorithms and the metrics used to evaluate their effectiveness. For this, a systematic mapping study of 67 studies was carried out. Our results show that since 2015 there was an upturn in the amount of studies that use these techniques for fraud detection in financial statements, where vector support machines are the most used technique, with 19 studies, followed by artificial neural networks, with 15 studies, and decision trees, with 11 studies. Effectiveness was assessed by the degree of precision with which the implemented techniques detected real fraud cases, obtaining values between 70% and 99.9%.

Tipo de publicación: Journal Article

Publicado en: Revista Ibérica de Sistemas e Tecnologias de Informação

Implementation of Project Based Learning: Lessons Learned

Descripción:

Project Based Learning (PBL) is a teaching and learning methodology where students develop projects under real conditions to acquire the knowledge and develop the skills required for their profession. In this article we discuss the lessons learned from two teachers who implemented different PBL approaches in three courses from the Bachelor in Computer and Informatics at the University of Costa Rica, during three semesters. We discuss the main considerations and decisions associated to project design elements and teaching practices. Among the main benefits identified by teachers when using PBL are the high motivation of students and the natural development of soft skills. Among the greatest challenges are (1) the design of learning assessment, considering technical aspects, soft skills, self- and peer- evaluations; (2) continuous feedback to students on their progress in the project and in team dynamics (and its consequent time investment); and (3) the necessary balance between designing a challenging and realistic project that enables the achievement of the course's learning objectives. We recommend the use of agile methodologies such as Scrum, which align very well with PBL principles, as well as the use of hybrid PBL methodologies, which include complementary didactic strategies to achieve the learning objectives of the course.

Tipo de publicación: Conference Paper

Publicado en: 2019 XLV Latin American Computing Conference (CLEI)

Tools for the evaluation of web accessibility: A systematic literature mapping

Descripción:

In recent years, different tools have been proposed to automate the evaluation of the web contents accessibility criteria proposed by the World Wide Web Consortium (W3C). These tools can verify that a website complies with web accessibility standards such as WCAG, but the results of the evaluation may depend on the tool used. This study identifies and characterizes web accessibility assessment tools through a systematic literature mapping. A total of 50 articles were analyzed. We report the accessibility criteria evaluated by each tool as well as the main challenges related to the evaluations.

Tipo de publicación: Conference Paper

Publicado en: 2019 IV Jornadas Costarricenses de Investigación en Computación e Informática (JoCICI)

Automated Functional Size Measurement: A Multiple Case Study in the Industry

Descripción:

Automating functional size measurement (FSM) for software applications that use specific development frameworks is a challenge for the industry. Although FSM automation brings benefits such as savings in time and costs, and better measure reliability, it is difficult to implement. In this paper, we present a multi-case study that evaluates the accuracy of an automated procedure for software size estimation in the context of a software development company. This procedure is implemented by a tool called FastWorks FPA, which obtains the IFPUG FPA function point estimation of software applications modeled in the company’s FastWorks framework. We describe the measurement process used by the tool, and discuss the results of the case studies. The accuracy (magnitude of relative error) of the measurements computed by the tool ranged between 3.9% and 12.9%, based on the total unadjusted function points. These results provide evidence for the feasibility of automating the counting process, as the tool’s estimated functional size reasonably approximates the result of specialists’ manual counting.

Tipo de publicación: Conference Paper

Publicado en: Product-Focused Software Process Improvement

MBT4J: Automating the Model-Based Testing Process for Java Applications

Descripción:

Model-based testing is a process that can reduce the cost of software testing by automating the design and generation of test cases but it usually involves some time-consuming manual steps. Current model-based testing tools automate the generation of test cases, but offer limited support for the model creation and test execution stages. In this paper we present MBT4J, a platform that automates most of the model-based testing process for Java applications, by integrating several existing tools and techniques. It automates the model building, test case generation, and test execution stages of the process. First, a model is extracted from the source code, then an adapter—between this model and the software under test—is generated and finally, test cases are generated and executed. We performed an evaluation of our platform with 12 configurations using an existing Java application from a public repository. Empirical results show that MBT4J is able to generate up to 2,438 test cases, detect up to 289 defects, and achieve a code coverage ranging between 72% and 84%. In the future, we plan to expand our evaluation to include more software applications and perform error seeding in order to be able to analyze the false positive and negative rates of our platform. Improving the automation of oracles is another vein for future research.

Tipo de publicación: Conference Paper

Publicado en: Advances in Intelligent Systems and Computing

Evaluating hyper-parameter tuning using random search in support vector machines for software effort estimation

Descripción:

Studies in software effort estimation (SEE) have explored the use of hyper-parameter tuning for machine learning algorithms (MLA) to improve the accuracy of effort estimates. In other contexts random search (RS) has shown similar results to grid search, while being less computationally-expensive. In this paper, we investigate to what extent the random search hyper-parameter tuning approach affects the accuracy and stability of support vector regression (SVR) in SEE. Results were compared to those obtained from ridge regression models and grid search-tuned models. A case study with four data sets extracted from the ISBSG 2018 repository shows that random search exhibits similar performance to grid search, rendering it an attractive alternative technique for hyper-parameter tuning. RS-tuned SVR achieved an increase of 0.227 standardized accuracy (SA) with respect to default hyper-parameters. In addition, random search improved prediction stability of SVR models to a minimum ratio of 0.840. The analysis showed that RS-tuned SVR attained performance equivalent to GS-tuned SVR. Future work includes extending this research to cover other hyper-parameter tuning approaches and machine learning algorithms, as well as using additional data sets.

Tipo de publicación: Conference Paper

Publicado en: Proceedings of the 16th ACM International Conference on Predictive Models and Data Analytics in Software Engineering

Técnicas de ajuste de hiperparámetros de algoritmos de aprendizaje automático para la estimación de esfuerzo: un mapeo de literatura

Descripción:

Distintos algoritmos de aprendizaje automático (ML) han sido utilizados para apoyar los procesos de estimación de esfuerzo de desarrollo del software (EES). Sin embargo, el desempeño de estos algoritmos puede verse impactado por varios factores, uno de los cuales es la escogencia de los hiperparámetros. En los últimos años, el ajuste de hiperparámetros ha surgido como un área de investigación de interés para la EES que busca optimizar el desempeño de los modelos de ML. En este trabajo, realizamos un mapeo sistemático de literatura para caracterizar las técnicas de ajuste automático de hiperparámetros de algoritmos de ML utilizados en el contexto de la EES. Presentamos los resultados de 67 estudios identificados entre el 2010 y el 2019 y clasificamos las técnicas de ajuste de hiperparámetros, los algoritmos de ML y los conjuntos de datos dónde se han aplicado. Asimismo, reportamos los retos reportados como mapa de ruta para futuras investigaciones en el área.

Tipo de publicación: Journal Article

Publicado en: Revista Ibérica de Sistemas e Tecnologias de Informação

Hyper-Parameter Tuning of Classification and Regression Trees for Software Effort Estimation

Descripción:

Classification and regression trees (CART) have been reported to be competitive machine learning algorithms for software effort estimation. In this work, we analyze the impact of hyper-parameter tuning on the accuracy and stability of CART using the grid search, random search, and DODGE approaches. We compared the results of CART with support vector regression (SVR) and ridge regression (RR) models. Results show that tuning improves the performance of CART models up to a maximum of 0.153 standardized accuracy and reduce its stability radio to a minimum of 0.819. Also, CART proved to be as competitive as SVR and outperformed RR.

Tipo de publicación: Book Chapter

Publicado en: Advances in Intelligent Systems and Computing

Measuring Students’ Source Code Quality in Software Development Projects Through Commit-Impact Analysis

Descripción:

Evaluating the quality of software engineering projects in university courses is challenging because it evolves over time and is a time consuming task. Students applying software quality principles need early and constant feedback on their projects to improve their technical competence as software developers. We conducted a case study to explore whether student’ changes have an impact on the project quality by mining a Git repository. We analyzed a total of 2253 changes (commits) from an undergraduate software engineering project to understand the impact on quality of each change measuring metrics (complexity, duplication, maintainability, and security) mined from the repository. This analysis allowed us to identify from students’ contributions challenges and improvement opportunities in engineering practices. As future work, we plan to analyze more projects and extend our analysis with more software metrics.

Tipo de publicación: Book Chapter

Publicado en: Advances in Intelligent Systems and Computing

Measuring students' contributions in software development projects using Git metrics

Descripción:

Many courses in the software engineering area are centered around team-based project development. Evaluating these projects is a challenge due to the difficulty of measuring individual student contributions versus team contributions. The adoption of distributed version control systems like Git enables the measurement of students' and teams' contributions to the project. In this work, we analyze the contributions within five software development projects from undergraduate courses that used project-based learning. For this, we generate visualizations of aggregated Git metrics using inequality indexes and inter-decile ratios, which offer insights into the practices and processes followed by students and teams throughout the project development. This approach allowed us to identify both inequality among students' contributions and development processes with a non-steady pace, rendering a useful feedback tool for instructors and students during the development of the project. Further studies can be conducted to assess the complexity and value of students' contributions by analyzing their source code commits and other software artifacts.

Tipo de publicación: Conference Paper

Publicado en: 2020 XLVI Latin American Computing Conference (CLEI)

Agent-Oriented Approaches for Model-Based Software Testing: A Mapping Study

Descripción:

Automated software testing reduces manual work, increases test coverage, and improves error detection. Model-Based Testing (MBT) is a testing approach that automatically executes test cases generated from a model representing the system behavior. The parallelization of MBT process stages, such as model creation and exploration, or test case generation and execution, could improve its scalability to handle complex systems. Agent-Oriented Software Testing (AOST) refers to the use of intelligent agents focusing on the automation of complex testing tasks. AOST could improve the testing process by providing a high level of decomposition, independence, parallel activation, intelligence, autonomy, sociality, mobility, and adaptation. In this work, we conducted a systematic mapping study of the existing AOST approaches for MBT. We identified 36 primary studies over the period 2002–2020. We classified agent approaches according to the MBT process stages, and tasks and roles covered as part of their implementation. We found 25 implementations of AOST approaches in the test case generation stage, 20 in the test execution, 10 in the model construction, and 3 in the test criteria selection. Studies reported the test generator role 25 times, test executor role 20 times, and the monitor-coordinator of activities 12 times. Additional studies to understand the benefits of agent-oriented approaches for model-based testing are required.

Tipo de publicación: Book Chapter

Publicado en: Advances in Intelligent Systems and Computing

Comparison of End-to-End Testing Tools for Microservices: A Case Study

Descripción:

Microservices has emerged as a architectural style that provides several benefits but also poses some challenges. One such challenge is testability, since an application may have hundreds or thousands of services operating together, and each of them needs to be tested as they evolve. To overcome this challenge, test automation is key, and together with it, the use of effective and efficient testing tools. Hence, we aim to contribute to this area by evaluating two tools that support end-to-end (E2E) testing of microservices. E2E tests allow to verify if the system works well as a whole (particularly relevant for systems made up of microservices). In this work, we first surveyed E2E testing tools reported in academic literature and by industry practitioners. Then, we applied the IEEE 14102-2010 standard to evaluate those tools. The two top-rated tools, Jaeger and Zipkin, were selected for further evaluation of their effectiveness and efficiency. Results from our case study reveal that Jaeger is more efficient and effective than Zipkinin terms of execution and failure detection times, as well as information provided to detect faults, severity and coverage.

Tipo de publicación: Book Chapter

Publicado en: Advances in Intelligent Systems and Computing

Blockchain para la seguridad de la Internet de las Cosas: un estudio terciario

Descripción:

La Internet de las cosas (IoT) y Blockchain son dos tecnologías que han tenido un crecimiento acelerado en los últimos años. Su integración permite aprovechar las cualidades de seguridad de Blockchain en el contexto de los datos producidos por la IoT. El objetivo de este estudio terciario es sintetizar el conocimiento existente sobre Blockchain aplicado a la seguridad de la IoT. Para ello se realizó un mapeo sistemático de literatura sobre 45 estudios secundarios publicados entre el 2017 y el 2019. Se identificaron 25 áreas, 17 usos, 41 frameworks, 38 beneficios y 40 desafíos. Los resultados indican que el área de aplicación más reportada es la Internet de la salud, el uso más común es el almacenamiento de datos, y el framework más usado es Ethereum. El mayor beneficio es la seguridad de los datos y el principal desafío es la escalabilidad.

Tipo de publicación: Journal Article

Publicado en: Revista Ibérica de Sistemas e Tecnologias de Informação

Herramientas para pruebas automatizadas de seguridad en aplicaciones Web: Un mapeo sistemático de la literatura

Descripción:

Las herramientas utilizadas para automatizar las pruebas de seguridad en aplicaciones Web son esenciales para detectar vulnerabilidades y prevenir ataques cibernéticos. En este estudio identificamos herramientas reportadas entre el 2006 y el 2019 para probar la seguridad de aplicaciones Web. Cada una de las herramientas es clasificada en términos de los tipos de vulnerabilidades que prueban. Para ello, realizamos un mapeo sistemático de la literatura en el que se analizaron 63 estudios primarios, de los cuales identificamos 66 herramientas utilizadas para realizar pruebas automatizadas de seguridad. Las herramientas se clasificaron según los tipos de la metodoloǵıa de pruebas de seguridad para determinar vulnerabilidades del proyecto abierto de seguridad en aplicaciones Web (OWASP). La categoŕıa de pruebas para detectar vulnerabilidades más común fue la de Input Validation Testing (4.8) con 55 herramientas, seguido de las pruebas de Configuration and Deployment Management Testing (4.3), Session Management Testing (4.7), y Client Side Testing (4.12) con 15 herramientas utilizadas cada una. Los tipos de pruebas más reportados fueron los de la categoŕıa Input Validation Testing (4.8). En este caso SQL Injection (4.8.5) con 40 herramientas, Cross-Site Scripting (4.8.2) con 30 herramientas, y Testing for HTTP Incoming Requests (4.8.17) con 19 herramientas utilizadas.

Tipo de publicación: Conference Paper

Publicado en: CIbSE

Automatic Classification of Web News: A Systematic Mapping Study

Descripción:

The number of news articles published on the Web has had a dramatic increase. News websites are overwhelmed daily with articles, and their processing and classification is a challenge. Reading news from the web has become an important citizen’s information source, and its classification can show relevant information about social or cultural patterns on society. In this context, techniques that can automatically analyze and classify news articles are essential. In particular, data mining and machine learning techniques have been applied for the classification of web news, as they can detect structural patterns based on documents characteristics. Their use requires specialized text processing and summarizing techniques. The objective of this study is to characterize data mining and machine learning techniques used for the web news classification, the datasets used, and the evaluation metrics. We performed a systematic literature mapping of 51 primary studies published between 2000 and 2019. We found that the most used techniques fall into these paradigms: clustering, support vector machines and generative models. Also, 33 studies used online data extracted from Internet’s news web pages, while 25 downloaded a previously published dataset. The most common metric is the F-measure, with 25 reports. In summary, several data mining and machine learning techniques have been applied to the automatic classification of web news, showing some trends regarding the techniques, datasets, and metrics.

Tipo de publicación: Book Chapter

Publicado en: Advances in Intelligent Systems and Computing

Using git metrics to measure students' and teams' code contributions in software development projects

Descripción:

Many software engineering courses are centered around team-based project development. Analyzing the source code contributions during the projects’ development could provide both instructors and students with constant feedback to identify common trends and behaviors that can be improved during the courses. Evaluating course projects is a challenge due to the difficulty of measuring individual student contributions versus team contributions during the development. The adoption of distributed version control sys-tems like git enable the measurement of students’ and teams’ contributions to the project.In this work, we analyze the contributions within eight software development projects,with 150 students in total, from undergraduate courses that used project-based learning.We generate visualizations of aggregated git metrics using inequality measures and the contribution per module, which offer insights into the practices and processes followed by students and teams throughout the project development. This approach allowed us to identify inequality among students’ contributions, the modules where students con-tributed, development processes with a non-steady pace, and integration practices render-ing a useful feedback tool for instructors and students during the project’s development.Further studies can be conducted to assess the quality, complexity, and ownership of the contributions by analyzing software artifacts.

Tipo de publicación: Journal Article

Publicado en: CLEI Electronic Journal

Data Mining and Machine Learning Techniques for Bank Customers Segmentation: A Systematic Mapping Study

Descripción:

Data mining and machine learning techniques analyze and extract useful information from data sets in order to solve problems in different areas. For the banking sector, knowing the characteristics of customers entails a business advantage since more personalized products and services can be offered. The goal of this study is to identify and characterize data mining and machine learning techniques used for bank customer segmentation, their support tools, together with evaluation metrics and datasets. We performed a systematic literature mapping of 87 primary studies published between 2005 and 2019. We found that decision trees and linear predictors were the most used data mining and machine learning paradigms in bank customer segmentation. From the 41 studies that reported support tools, Weka and Matlab were the two most commonly cited. Regarding the evaluation metrics and datasets, accuracy was the most frequently used metric, whereas the UCI Machine Learning repository from the University of California was the most used dataset. In summary, several data mining and machine learning techniques have been applied to the problem of customer segmentation, with clear tendencies regarding the techniques, tools, metrics and datasets.

Tipo de publicación: Book Chapter

Publicado en: Advances in Intelligent Systems and Computing

Desarrollo de un prototipo de herramienta para automatizar el conteo de puntos de función SNAP de la interfaz gráfica

Descripción:

El principal objetivo de medir el proceso de desarrollo de software es apoyar la toma de decisiones gerenciales. Estimar el tamaño, esfuerzo y tiempo que se necesita para producir un software es una tarea importante dentro de todo proceso de medición. Las estimaciones incorrectas pueden causar pérdidas económicas importantes a las empresas que desarrollen software . Un enfoque automático de medición de tamaño del software no funcional podría apoyar el proceso de estimación generando datos históricos en un menor tiempo, mejorando eventualmente la calidad de las estimaciones. En este trabajo se presentan los resultados de la creación y evaluación de un prototipo de herramienta de software que, calcula automáticamente el tamaño de los requisitos no funcionales (NFR por sus siglas en inglés) de la subcategoría de Interfaz de Usuario 2.1 del método SNAP (Software Non-functional Assessment Process). Para su desarrollo e implementación se utilizó la metodología Ciencias del Diseño basándose en el Modelo del Ciclo de Diseño, se seleccionó un conjunto de proyectos web, de los cuales se obtuvieron los requerimientos no funcionales. Posteriormente, se realizó un conteo manual de dichos requerimientos y se evaluó la exactitud de la herramienta en comparación con el conteo manual. Los resultados presentan un nivel de exactitud del 100% en el conteo de puntos SNAP para la categoría 2.1 interfaz gráfica. Sin embargo, hay ciertas diferencias en la detección correcta de propiedades de la interfaz de usuario que, aunque no afectaron a la exactitud final de la estimación, sí son incorrectas. Este trabajo aporta evidencia de la viabilidad del uso de un prototipo de herramienta de software que, por medio de reglas de mapeo aplicadas en el código ya desarrollado en HTML y CSS, puede automatizar el conteo de puntos SNAP para la subcategoría 2.1 interfaz gráfica.

Tipo de publicación: Conference Paper

Publicado en: V Congreso Internacional en Inteligencia Ambiental, Ingeniería de Software, Salud Electrónica y Móvil - AmITIC 2022

Development of a prototype tool to automate the counting of SNAP function points of the graphical interface

Descripción:

In this work we present the results of the creation and evaluation of a tool prototype that automatically calculates the size of the non-functional requirements (NFR) of the User Interface 2.1 subcategory of the SNAP (Software Non-functional Requirements) method. Assessment Process). We evaluated the accuracy of the tool compared to manual counting and results show an accuracy level of 100% in SNAP point counting for category 2.1 graphical interface, although with some differences in the correct detection of user interface properties. This work demonstrates the feasibility of a software tool to automate the counting of SNAP points.

Tipo de publicación: Conference Paper

Publicado en: 2022 V Congreso Internacional en Inteligencia Ambiental, Ingeniería de Software y Salud Electrónica y Móvil (AmITIC)