Automated Checking of Web Application Invocations

HTTP-based invocations allow web application components to communicate among themselves and build dynamic, customized web pages. Invocations are widely used by web applications, but they are a common source of errors. Existing techniques can verify only limited correctness properties of web application invocations and omit key properties, such as the requirement that an argument's type and value match its target parameter's domain. This paper presents the first approach for verifying these correctness properties of web application invocations. An empirical evaluation of the technique shows that it is able to identify, with high precision, over 30% more invocation errors than were previously identified and that the approach has a low analysis runtime cost.
