Quality assurance techniques for web applications have become increasingly important as web applications have gained in popularity and become an essential part of our daily lives. To integrate content and data from multiple sources, the components of a web application communicate extensively among themselves. Unlike traditional program modules, the components communicate through interfaces and invocations that are not explicitly declared. Because of this, the communication between two components can fail due to a parameter mismatch between the interface invoked by a calling component and the interface provided by the called component. Parameter mismatches can cause serious errors in the web application and are difficult to identify using traditional testing and verification techniques. To address this problem, we propose a static-analysis based approach for identifying parameter mismatches. We also present an empirical evaluation of the approach, which we performed on a set of real web applications. The results of the evaluation are promising; our approach discovered 133 parameter mismatches in the subject applications.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Shay Artzi , Adam Kiezun , Julian Dolby , Frank Tip , Danny Dig , Amit Paradkar , Michael D. Ernst, Finding bugs in dynamic web applications, Proceedings of the 2008 international symposium on Software testing and analysis, July 20-24, 2008, Seattle, WA, USA  [doi>10.1145/1390630.1390662]
	2	Aysu Betin-Can , Tevfik Bultan, Verifiable Web Services with Hierarchical Interfaces, Proceedings of the IEEE International Conference on Web Services, p.85-94, July 11-15, 2005  [doi>10.1109/ICWS.2005.128]
	3	Claus Braband , Anders Møller , Michael Schwartzbach, Static validation of dynamically generated HTML, Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, p.38-45, June 2001, Snowbird, Utah, United States  [doi>10.1145/379605.379657]
	4	Tevfik Bultan, Modeling Interactions of Web Software, Proceedings of the 2nd Int'l. Workshop on Automated Specification and Verification of Web Systems, p.45-52, November 19-19, 2006  [doi>10.1109/WWV.2006.10]
	5	A. S. Christensen, A. Møller, and M. I. Schwartzbach. Precise Analysis of String Expressions. In Proceedings 10th International Static Analysis Symposium, Jun. 2003.
	6	Yuetang Deng , Phyllis Frankl , Jiong Wang, Testing web database applications, ACM SIGSOFT Software Engineering Notes, v.29 n.5, September 2004  [doi>10.1145/1022494.1022528]
	7	Sebastian Elbaum , Kalyan-Ram Chilakamarri , Bhuvana Gopal , Gregg Rothermel, Helping End-Users "Engineer" Dependable Web Applications, Proceedings of the 16th IEEE International Symposium on Software Reliability Engineering, p.31-40, November 08-11, 2005  [doi>10.1109/ISSRE.2005.20]
	8	H. Foster, S. Uchitel, J. Magee, and J. Kramer. Model-based Verification of Web Service Compositions In Proceedings of the International Conference on Automated Software Engineering, 2003.
	9	X. Fu, T. Bultan, and J. Su. WSAT: A Tool for Formal Analysis of Web Services In Proceedings of 16th International Conference on Computer Aided Verification (CAV), 2004.
	10	Carl Gould , Zhendong Su , Premkumar Devanbu, Static Checking of Dynamically Generated Queries in Database Applications, Proceedings of the 26th International Conference on Software Engineering, p.645-654, May 23-28, 2004
	11	William G. J. Halfond , Alessandro Orso , Panagiotis Manolios, Using positive tainting and syntax-aware evaluation to counter SQL injection attacks, Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering, November 05-11, 2006, Portland, Oregon, USA  [doi>10.1145/1181775.1181797]
	12	William G. J. Halfond , Alessandro Orso, Improving test case generation for web applications using automated interface discovery, Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering, September 03-07, 2007, Dubrovnik, Croatia  [doi>10.1145/1287624.1287646]
	13	Daniel R. Licata , Shriram Krishnamurthi, Verifying Interactive Web Programs, Proceedings of the 19th IEEE international conference on Automated software engineering, p.164-173, September 20-24, 2004  [doi>10.1109/ASE.2004.76]
	14	Yasuhiko Minamide, Static approximation of dynamically generated Web pages, Proceedings of the 14th international conference on World Wide Web, May 10-14, 2005, Chiba, Japan  [doi>10.1145/1060745.1060809]
	15	S. K. Rajamani and J. Rehof. Models for Contract Conformance In Proceedings of the First International Symposium on Leveraging Applications of Formal Methods, 2004
	16	Filippo Ricca , Paolo Tonella, Analysis and testing of Web applications, Proceedings of the 23rd International Conference on Software Engineering, p.25-34, May 12-19, 2001, Toronto, Ontario, Canada