Results 1 - 10 of 59
Finding bugs in dynamic web applications
Cited by 58 (6 self)
Web script crashes and malformed dynamically-generated web pages are common errors, and they seriously impact usability of web applications. Current tools for web-page validation cannot handle the dynamically-generated pages that are ubiquitous on today’s Internet. In this work, we apply a dynamic test generation technique, based on combined concrete and symbolic execution, to the domain of dynamic web applications. The technique generates tests automatically and minimizes the bug-inducing inputs to reduce duplication and to make the bug reports small and easy to understand and fix. We implemented the technique in Apollo, an automated tool that found dozens of bugs in real PHP applications. Apollo generates test inputs for the web application, monitors the application for crashes, and validates that the output conforms to the HTML specification. This paper presents Apollo’s algorithms and implementation, and an experimental evaluation that revealed a total of 214 bugs in 4 open-source PHP web applications.
Improving Test Case Generation for Web Applications Using Automated Interface Discovery
- The 6th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering ESEC/FSE'07, 2007
Cited by 45 (11 self)
With the growing complexity of web applications, identifying web interfaces that can be used for testing such applications has become increasingly challenging. Many techniques that work effectively when applied to simple web applications are insufficient when used on modern, dynamic web applications, and may ultimately result in inadequate testing of the applications’ functionality. To address this issue, we present a technique for automatically discovering web application interfaces based on a novel static analysis algorithm. We also report the results of an empirical evaluation in which we compare our technique against a traditional approach. The results of the comparison show that our technique can (1) discover a higher number of interfaces and (2) help generate test inputs that achieve higher coverage.
Precise interface identification to improve testing and analysis of web applications
- In Proc. International Symposium on Software Testing and Analysis. ACM, 2009
Cited by 34 (1 self)
As web applications become more widespread, sophisticated, and complex, automated quality assurance techniques for such applications have grown in importance. Accurate interface identification is fundamental for many of these techniques, as the components of a web application communicate extensively via implicitly-defined interfaces to generate customized and dynamic content. However, current techniques for identifying web application interfaces can be incomplete or imprecise, which hinders the effectiveness of quality assurance techniques. To address these limitations, we present a new approach for identifying web application interfaces that is based on a specialized form of symbolic execution. In our empirical evaluation, we show that the set of interfaces identified by our approach is more accurate than those identified by other approaches. We also show that this increased accuracy leads to improvements in several important quality assurance techniques for web applications: test-input generation, penetration testing, and invocation verification.
Automated Web Application Testing Using Search Based Software Engineering
- In 26th IEEE/ACM International Conference on Automated Software Engineering, 2011
Cited by 22 (9 self)
This paper introduces three related algorithms and a tool, SWAT, for automated web application testing using Search Based Software Testing (SBST). The algorithms significantly enhance the efficiency and effectiveness of traditional search based techniques exploiting both static and dynamic analysis. The combined approach yields a 54% increase in branch coverage and a 30% reduction in test effort. Each improvement is separately evaluated in an empirical study on 6 real world web applications. Index Terms—SBSE; Automated Test data generation; Web applications
Testing Web-based applications: The state of the art and future trends.
- Information and Software Technology, 2006
Cited by 22 (0 self)
Software testing is a difficult task and testing Web-based applications may be even more difficult, due to the peculiarities of such applications. In the last years, several problems in the field of Web-based applications testing have been addressed by research work, and several methods and techniques have been defined and used to test Web-based applications effectively. This paper will present the main differences between Web-based applications and traditional ones, how these differences impact the testing of the former ones, and some relevant contributions in the field of Web application testing developed in recent years. The focus is mainly on testing the functionality of a Web-based application, even if some discussion about the testing of non-functional requirements is provided too. Some indications about future trends in Web application testing are also outlined in the paper.
Web Application Characterization through Directed Requests
Cited by 17 (6 self)
Web applications are increasingly prominent in society, serving a wide variety of user needs. Engineers seeking to enhance, test, and maintain these applications must be able to understand and characterize their interfaces. Third-party programmers (professional or end user) wishing to incorporate the data provided by such services into their own applications would also benefit from such characterization when the target site does not provide adequate programmatic interfaces. In this paper, therefore, we present methodologies for characterizing the interfaces to web applications through a form of dynamic analysis, in which directed requests are sent to the application, and responses are analyzed to draw inferences about its interface. We also provide mechanisms to increase the scalability of the approach, such as a mechanism based on intelligent request selection. Finally, we evaluate the approach’s performance on three well-known, non-trivial web applications.
Dynamic Characterization of Web Application Interfaces
- 2006
Cited by 15 (5 self)
Web applications are increasingly prominent in society, serving a wide variety of user needs. Engineers seeking to enhance, test, and maintain these applications and third-party programmers wishing to utilize these applications need to understand their interfaces. In this paper, therefore, we present methodologies for characterizing the interfaces of web applications through a form of dynamic analysis, in which directed requests are sent to the application, and responses are analyzed to draw inferences about its interface. We also provide mechanisms to increase the scalability of the approach. Finally, we evaluate the approach’s performance on six non-trivial web applications.
Invariant-based automatic testing of modern web applications
- IEEE Transactions on Software Engineering (TSE), 2012
Cited by 14 (6 self)
AJAX-based Web 2.0 applications rely on stateful asynchronous client/server communication, and client-side runtime manipulation of the DOM tree. This not only makes them fundamentally different from traditional web applications, but also more error-prone and harder to test. We propose a method for testing AJAX applications automatically, based on a crawler to infer a state-flow graph for all (client-side) user interface states. We identify AJAX-specific faults that can occur in such states (related to, e.g., DOM validity, error messages, discoverability, back-button compatibility) as well as DOM-tree invariants that can serve as oracles to detect such faults. Our approach, called ATUSA, is implemented in a tool offering generic invariant checking components, a plugin-mechanism to add application-specific state validators, and generation of a test suite covering the paths obtained during crawling. We describe three case studies, consisting of six subjects, evaluating the type of invariants that can be obtained for AJAX applications as well as the fault revealing capabilities, scalability, required manual effort, and level of automation of our testing approach. Index Terms—Automated testing, web applications, Ajax.
Automatically generating realistic test input from web services
- In IEEE 6th International Symposium on Service Oriented System Engineering (SOSE), 2011
Cited by 10 (5 self)
Generating realistic test data is a major problem for software testers. Realistic test data generation for certain input types is hard to automate and therefore laborious. We propose a novel automated solution to test data generation that exploits existing web services as sources of realistic test data. Our approach is capable of generating realistic test data and also generating data based on tester-specified constraints. In experimental analysis, our prototype tool achieved between 93% and 100% success rates in generating realistic data using service compositions while random test data generation achieved only between 2% and 34%.
Mutating Database Queries
- Information and Software Technology
Cited by 8 (2 self)
A set of mutation operators for SQL queries that retrieve information from a database is developed and tested against a set of queries drawn from the NIST SQL Conformance Test Suite. The mutation operators cover a wide spectrum of SQL features, including the handling of null values. Additional experiments are performed to explore whether the cost of executing mutants can be reduced using selective mutation or the test suite size can be reduced by using an appropriate ordering of the mutants. The SQL mutation approach can be helpful in assessing the adequacy of database test cases and their development, and as a tool for systematically injecting faults in order to compare different database testing techniques.