Precise interface identification to improve testing and analysis of web applications

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Precise interface identification to improve testing and analysis of web applications

Full text

Pdf (489 KB)

Source

International Symposium on Software Testing and Analysis archive
Proceedings of the eighteenth international symposium on Software testing and analysis table of contents

Chicago, IL, USA

SESSION: Domain-specific testing techniques table of contents

Pages 285-296

Year of Publication: 2009

ISBN:978-1-60558-338-9

Authors

William G.J. Halfond	Georgia Institute of Technology, Atlanta, GA, USA
Saswat Anand	Georgia Institute of Technology, Atlanta, GA, USA
Alessandro Orso	Georgia Institute of Technology, Atlanta, GA, USA

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering
SIGPLAN: ACM Special Interest Group on Programming Languages
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 50, Downloads (12 Months): 147, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1572272.1572305 What is a DOI?

ABSTRACT

As web applications become more widespread, sophisticated, and complex, automated quality assurance techniques for such applications have grown in importance. Accurate interface identification is fundamental for many of these techniques, as the components of a web application communicate extensively via implicitly-defined interfaces to generate customized and dynamic content. However, current techniques for identifying web application interfaces can be incomplete or imprecise, which hinders the effectiveness of quality assurance techniques. To address these limitations, we present a new approach for identifying web application interfaces that is based on a specialized form of symbolic execution. In our empirical evaluation, we show that the set of interfaces identified by our approach is more accurate than those identified by other approaches. We also show that this increased accuracy leads to improvements in several important quality assurance techniques for web applications: test-input generation, penetration testing, and invocation verification.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	S. Anand, A. Orso, and M. J. Harrold. Type-dependence Analysis and Program Transformation for Symbolic Execution. In Proc. TACAS, pages 117--133, 2007.
	2	S. Anand, C. S. Pasareanu, and W. Visser. JPF-SE: A Symbolic Execution Extension to Java Pathfinder. In Proc. TACAS, pages 134--138, 2007.
	3	A. A. Andrews, J. Offutt, and R. T. Alexander. Testing Web Applications by Modeling with FSMs. In Software Systems and Modeling, pages 326--345, July 2005.
	4	Shay Artzi , Adam Kiezun , Julian Dolby , Frank Tip , Danny Dig , Amit Paradkar , Michael D. Ernst, Finding bugs in dynamic web applications, Proceedings of the 2008 international symposium on Software testing and analysis, July 20-24, 2008, Seattle, WA, USA [doi>10.1145/1390630.1390662]
	5	Yuetang Deng , Phyllis Frankl , Jiong Wang, Testing web database applications, ACM SIGSOFT Software Engineering Notes, v.29 n.5, September 2004 [doi>10.1145/1022494.1022528]
	6	Sebastian Elbaum , Kalyan-Ram Chilakamarri , Marc Fisher, II , Gregg Rothermel, Web application characterization through directed requests, Proceedings of the 2006 international workshop on Dynamic systems analysis, May 23-23, 2006, Shanghai, China [doi>10.1145/1138912.1138923]
	7	Sebastian Elbaum , Srikanth Karre , Gregg Rothermel, Improving web application testing with user session data, Proceedings of the 25th International Conference on Software Engineering, May 03-10, 2003, Portland, Oregon
	8	Sebastian Elbaum , Gregg Rothermel , Srikanth Karre , Marc Fisher II, Leveraging User-Session Data to Support Web Application Testing, IEEE Transactions on Software Engineering, v.31 n.3, p.187-202, March 2005 [doi>10.1109/TSE.2005.36]
	9	Michael Emmi , Rupak Majumdar , Koushik Sen, Dynamic test input generation for database applications, Proceedings of the 2007 international symposium on Software testing and analysis, July 09-12, 2007, London, United Kingdom [doi>10.1145/1273463.1273484]
	10	William G. J. Halfond , Shauvik Roy Choudhary , Alessandro Orso, Penetration Testing with Improved Input Vector Identification, Proceedings of the 2009 International Conference on Software Testing Verification and Validation, p.346-355, April 01-04, 2009 [doi>10.1109/ICST.2009.26]
	11	William G. J. Halfond , Alessandro Orso, Command-Form Coverage for Testing Database Applications, Proceedings of the 21st IEEE/ACM International Conference on Automated Software Engineering, p.69-80, September 18-22, 2006 [doi>10.1109/ASE.2006.27]
	12	William G. J. Halfond , Alessandro Orso, Improving test case generation for web applications using automated interface discovery, Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering, September 03-07, 2007, Dubrovnik, Croatia [doi>10.1145/1287624.1287646]
	13	William G. J. Halfond , Alessandro Orso, Automated identification of parameter mismatches in web applications, Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering, November 09-14, 2008, Atlanta, Georgia [doi>10.1145/1453101.1453126]
	14	Yao-Wen Huang , Shih-Kun Huang , Tsung-Po Lin , Chung-Hung Tsai, Web application security assessment by fault injection and behavior monitoring, Proceedings of the 12th international conference on World Wide Web, May 20-24, 2003, Budapest, Hungary [doi>10.1145/775152.775174]
	15	X. Jia and H. Liu. Rigorous and Automatic Testing of Web Applications. In 6th IASTED International Conference on Software Engineering and Applications, pages 280--285, November 2002.
	16	Chaitanya Kallepalli , Jeff Tian, Measuring and Modeling Usage and Reliability for Statistical Web Testing, IEEE Transactions on Software Engineering, v.27 n.11, p.1023-1036, November 2001 [doi>10.1109/32.965342]
	17	S. Khurshid, C. Păsăreanu, and W. Visser. Generalized Symbolic Execution for Model Checking and Testing. In Proc. TACAS, pages 553--568, 2003.
	18	James C. King, Symbolic execution and program testing, Communications of the ACM, v.19 n.7, p.385-394, July 1976 [doi>10.1145/360248.360252]
	19	Filippo Ricca , Paolo Tonella, Analysis and testing of Web applications, Proceedings of the 23rd International Conference on Software Engineering, p.25-34, May 12-19, 2001, Toronto, Ontario, Canada
	20	Jessica Sant , Amie Souter , Lloyd Greenwald, An exploration of statistical models for automated test case generation, Proceedings of the third international workshop on Dynamic analysis, p.1-7, May 17-17, 2005, St. Louis, Missouri
	21	Paolo Tonella , Filippo Ricca, Dynamic Model Extraction and Statistical Analysis of Web Applications, Proceedings of the Fourth International Workshop on Web Site Evolution (WSE'02), p.43, October 02-02, 2002
	22	Willem Visser , Klaus Havelund , Guillaume Brat , Seungjoon Park , Flavio Lerda, Model Checking Programs, Automated Software Engineering, v.10 n.2, p.203-232, April 2003 [doi>10.1023/A:1022920129859]
	23	Gary Wassermann , Dachuan Yu , Ajay Chander , Dinakar Dhurjati , Hiroshi Inamura , Zhendong Su, Dynamic test input generation for web applications, Proceedings of the 2008 international symposium on Software testing and analysis, July 20-24, 2008, Seattle, WA, USA [doi>10.1145/1390630.1390661]