Program Overview
FUNCTIONAL AND SECURITY TESTING TECHNIQUES
COURSE INFORMATION
- Academic Year: 2025/2026
- Credits: 6 CFU
- Scientific Disciplinary Sector: INF/01
- Language: English
- Teaching Location: Genova
- Semester: 2° Semester
PREREQUISITES
- Outgoing prerequisites
- This course is a prerequisite for the following courses:
  - COMPUTER SCIENCE 11964 (cohort 2025/2026): CAPSTONE PROJECT
OVERVIEW
This course aims at providing the foundations behind functional and security testing. Testing is the key activity for ensuring software quality during software development. To be effective, both functional and security aspects should be considered. Security testing differs from functional testing in its goal: functional testing checks that the application produces the expected behaviour on its intended inputs (and reports a defect when it does not), whereas security testing feeds the application adversarial inputs to reveal flaws in its security mechanisms, i.e., ways to make it do something it must never do.
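The following is an added example, not part of the course materials, showing the difference in practice: one feature (a host reachability check built from user input) in a vulnerable and a hardened variant, each run through a functional test and a security test. The vulnerable variant passes the functional test yet fails the security test, which is exactly the gap the paragraph describes. The function names, the host grammar and the injection payload are assumptions made for the example; the command is only constructed, never executed, so the code runs offline.

```javascript
// Added example (not from the course): functional vs. security test on the
// same feature. Node.js, no dependencies. Commands are built, not executed.

// Vulnerable variant: untrusted input is interpolated into a shell command
// line, so shell metacharacters in `host` become extra commands.
function buildPingCommandVulnerable(host) {
  return `ping -c 1 ${host}`;
}

// Hardened variant: the input is validated against a hostname grammar
// (assumed here: RFC 1123 labels, no leading/trailing hyphen) and returned as
// an argv array, i.e. the form execFile() takes with no shell in between.
const HOST_RE =
  /^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$/;

function buildPingCommandHardened(host) {
  if (typeof host !== 'string' || !HOST_RE.test(host)) {
    throw new Error('invalid host');
  }
  return ['ping', '-c', '1', host];
}

// Functional test: a well-formed host yields a command that pings that host.
// The oracle is the expected output.
function functionalTest(build) {
  const cmd = build('example.com');
  const text = Array.isArray(cmd) ? cmd.join(' ') : cmd;
  return text === 'ping -c 1 example.com';
}

// Security test: the oracle is a negative requirement. Attacker-controlled
// input must not be able to add a second command. The payload is a
// constructed sample for this example.
const PAYLOAD = 'example.com; cat /etc/passwd';

function securityTest(build) {
  let cmd;
  try {
    cmd = build(PAYLOAD);
  } catch (e) {
    return true; // rejected at the trust boundary: requirement holds
  }
  if (Array.isArray(cmd)) {
    // argv form: the payload stays one literal argument; no shell parses it
    return cmd.length === 4 && cmd[3] === PAYLOAD;
  }
  // string form destined for a shell: any metacharacter is an injection
  return !/[;&|`$()]/.test(cmd);
}

// Run both variants through both tests; returns a result table.
function runSuite() {
  return {
    vulnerable: {
      functional: functionalTest(buildPingCommandVulnerable),
      security: securityTest(buildPingCommandVulnerable),
    },
    hardened: {
      functional: functionalTest(buildPingCommandHardened),
      security: securityTest(buildPingCommandHardened),
    },
  };
}

console.table(runSuite());
```

The point to take from the table is that a green functional suite says nothing about security: the vulnerable builder produces exactly the expected command for the expected input, and only a test that encodes what must not happen exposes the injection.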
AIMS AND CONTENT
LEARNING OUTCOMES
Learning the fundamentals in functional and security testing of software systems, with special emphasis on challenges posed by Web and Mobile applications, and getting acquainted with automated tools used to practice testing techniques.
AIMS AND LEARNING OUTCOMES
Students will learn the fundamentals in functional and security testing of software systems, with special emphasis on challenges posed by Web applications and using automated testing tools. Students will see the many facets of the problem and will learn methodologies, approaches, and techniques to check the quality of complex software systems. At the end of the course, students will be able to:
- Understand and apply the differences between functionality and security testing
- Understand fundamental concepts of software testing (e.g., manual vs automated testing)
- Use established techniques/approaches/tools for designing and executing functional tests
- Learn how attackers succeed in breaking applications
- Learn how to protect a web application from known threats
- Understand the attack target possibilities of web apps
- Understand the 'Top Ten' vulnerabilities proposed by OWASP
- Understand network protocols functioning and related security aspects
- Get hands-on Web application testing techniques (both functional and security), using, e.g., Selenium, Burp Suite, WPScan, sqlmap, and other automated tools
- Incorporate software testing as a continuous process
PREREQUISITES FOR THE COURSE
- Object-oriented and procedural/imperative programming fundamentals (in particular, basic knowledge of Java, JavaScript, PHP, Node.js, and SQL)
- Basic knowledge of Web applications
- Basic knowledge of Bash
- Basic knowledge of Docker and containerized environments
TEACHING METHODS
The teaching combines the presentation of theoretical concepts with exercises and discussions. It is dialogue-oriented and has a practical approach. The course includes laboratory activities that can also be carried out in groups. Mandatory assignments, to be completed during the course, will be given to the students.
SYLLABUS/CONTENT
This course aims at providing the foundations behind functional and security testing. Current testing practices are quite effort-intensive since they rely heavily on manual activities. Test automation aims at reducing the cost of testing by automating several of the involved activities.
The laboratory, which constitutes an integral part of the course, will give the students a hands-on opportunity to see the analysis and testing techniques (both functional and security) applied to real case studies.
FUNCTIONAL TESTING
- Course introduction: fundamentals of functional and security testing
- Manual vs automated testing
- Software testing essential techniques
- Introduction to continuous testing (DevOps)
- Introduction to a continuous integration and continuous delivery (CI/CD) platform (e.g., GitHub Actions)
- Data-driven testing
- Automation Tools for Unit testing (e.g., xUnit or TestNG)
- Web application testing
- E2E testing approach
- Approaches for generating E2E test cases
- Introduction to Selenium IDE and Selenium WebDriver
- Cross-browser testing
- Test automation best practices
- Page Object Model
- Testing tools
- Capture/Replay vs. Programmable
- DOM-based vs. Visual
SECURITY TESTING
- Introduction to cybersecurity
- Automated security tools
- Burp Suite, WPScan, sqlmap
- The HTTP protocol
- The penetration testing life cycle and related processes and tools
- Command injection
- Client-side vulnerabilities
- Denial of Service attacks
RECOMMENDED READING/BIBLIOGRAPHY
- Web Application Security: Exploitation and Countermeasures for Modern Web Applications by Andrew Hoffman
- Web Security Academy
- Hands-On Selenium WebDriver with Java by Boni Garcia
TEACHERS AND EXAM BOARD
- Filippo Ricca
- Enrico Cambiaso
EXAMS
EXAM DESCRIPTION
The objective of the verification procedure is to quantify, for each student, the level of achievement of the educational objectives. The verification procedure consists of evaluating certain guided laboratories and a written test.
EXAMINATION
The exam consists of the following activities:
- Laboratory activities
- Written test
LABORATORY ACTIVITIES
The course includes laboratory activities to be carried out. For some of these activities, the submission of the work done will be required and evaluated. For others, students' participation will simply be monitored. Alternative activities to be submitted via AulaWeb will be proposed for those (e.g., working students) who are unable to attend laboratory activities.
WRITTEN TEST
The written test will consist of multiple-choice questions. The questions will be both theoretical and practical and will focus on the topics/tools covered in class. During the lessons, some examples of possible questions and exercises for each topic will be discussed so that the type of test is clear at the end of the course.
ASSESSMENT METHODS
The laboratory activities aim to assess the understanding of the proposed tools and techniques. The written test has the dual objective of verifying the knowledge of the fundamental aspects of the discipline and assessing the students' participation in the guided laboratories.
EXAM SCHEDULE
- 13/02/2026, 09:00, Genova
- 05/06/2026, 09:00, Genova
- 11/09/2026, 09:00, Genova
FURTHER INFORMATION
For further information, please refer to the course's AulaWeb module.
AGENDA 2030 - SUSTAINABLE DEVELOPMENT GOALS
- Quality education
