A formal model representing the navigation behavior of a Web application as the Kripke structure is proposed and an approach that applies model checking to test case generation is presented. The Object Relation Diagra...A formal model representing the navigation behavior of a Web application as the Kripke structure is proposed and an approach that applies model checking to test case generation is presented. The Object Relation Diagram as the object model is employed to describe the object structure of a Web application design and can be translated into the behavior model. A key problem of model checking-based test generation for a Web application is how to construct a set of trap properties that intend to cause the violations of model checking against the behavior model and output of counterexamples used to construct the test sequences. We give an algorithm that derives trap properties from the object model with respect to node and edge coverage criteria.展开更多
In order to improve the efficiency of regression testing in web application,the control flow graph and the greedy algorithm are adopted.This paper considers a web page as a basic unit and introduces a test case select...In order to improve the efficiency of regression testing in web application,the control flow graph and the greedy algorithm are adopted.This paper considers a web page as a basic unit and introduces a test case selection method for web application regression testing based on the control flow graph.This method is safe enough to the test case selection.On the base of features of request sequence in web application,the minimization technique and the priority of test cases are taken into consideration in the process of execution of test cases in regression testing for web application.The improved greedy algorithm is also raised resulting in optimization of execution of test cases.The experiments indicate that the number of test cases which need to be retested is reduced,and the efficiency of execution of test cases is also improved.展开更多
Forms enhance both the dynamic and interactive abilities of Web applications and the system complexity. And it is especially important to test forms completely and thoroughly. Therefore, this paper discusses how to ca...Forms enhance both the dynamic and interactive abilities of Web applications and the system complexity. And it is especially important to test forms completely and thoroughly. Therefore, this paper discusses how to carry out the form testing by different methods in the related testing phases. Namely, at first, automatically abstracting forms in the Web pages by parsing the HTML documents; then, ohtai ning the testing data with a certain strategies, such as by requirement specifications, by mining users' hefore input informarion or by recording meehanism; and next executing the testing actions automatically due to the well formed test cases; finally, a case study is given to illustrate the convenient and effective of these methods.展开更多
As the increasing popularity and complexity of Web applications and the emergence of their new characteristics, the testing and maintenance of large, complex Web applications are becoming more complex and difficult. W...As the increasing popularity and complexity of Web applications and the emergence of their new characteristics, the testing and maintenance of large, complex Web applications are becoming more complex and difficult. Web applications generally contain lots of pages and are used by enormous users. Statistical testing is an effective way of ensuring their quality. Web usage can be accurately described by Markov chain which has been proved to be an ideal model for software statistical testing. The results of unit testing can be utilized in the latter stages, which is an important strategy for bottom-to-top integration testing, and the other improvement of extended Markov chain model (EMM) is to present the error type vector which is treated as a part of page node. this paper also proposes the algorithm for generating test cases of usage paths. Finally, optional usage reliability evaluation methods and an incremental usability regression testing model for testing and evaluation are presented. Key words statistical testing - evaluation for Web usability - extended Markov chain model (EMM) - Web log mining - reliability evaluation CLC number TP311. 5 Foundation item: Supported by the National Defence Research Project (No. 41315. 9. 2) and National Science and Technology Plan (2001BA102A04-02-03)Biography: MAO Cheng-ying (1978-), male, Ph.D. candidate, research direction: software testing. Research direction: advanced database system, software testing, component technology and data mining.展开更多
Vulnerability-testing Oriented Petri Net (VOPN), a vulnerability testing model for communication protocol is brought forward first, which is combined Petri Net system with protocol Syntax analysis. Then vulnerabilit...Vulnerability-testing Oriented Petri Net (VOPN), a vulnerability testing model for communication protocol is brought forward first, which is combined Petri Net system with protocol Syntax analysis. Then vulnerability testing of implementation of HTTP protocol based on VOPN is made and the process is analyzed to prove the feasibility of the model.展开更多
Web application fingerprint recognition is an effective security technology designed to identify and classify web applications,thereby enhancing the detection of potential threats and attacks.Traditional fingerprint r...Web application fingerprint recognition is an effective security technology designed to identify and classify web applications,thereby enhancing the detection of potential threats and attacks.Traditional fingerprint recognition methods,which rely on preannotated feature matching,face inherent limitations due to the ever-evolving nature and diverse landscape of web applications.In response to these challenges,this work proposes an innovative web application fingerprint recognition method founded on clustering techniques.The method involves extensive data collection from the Tranco List,employing adjusted feature selection built upon Wappalyzer and noise reduction through truncated SVD dimensionality reduction.The core of the methodology lies in the application of the unsupervised OPTICS clustering algorithm,eliminating the need for preannotated labels.By transforming web applications into feature vectors and leveraging clustering algorithms,our approach accurately categorizes diverse web applications,providing comprehensive and precise fingerprint recognition.The experimental results,which are obtained on a dataset featuring various web application types,affirm the efficacy of the method,demonstrating its ability to achieve high accuracy and broad coverage.This novel approach not only distinguishes between different web application types effectively but also demonstrates superiority in terms of classification accuracy and coverage,offering a robust solution to the challenges of web application fingerprint recognition.展开更多
Virtual instrument is playing the important role in automatic test system. This paper introduces a composition of a virtual instrument automatic test system and takes the VXIbus based a test software platform which is...Virtual instrument is playing the important role in automatic test system. This paper introduces a composition of a virtual instrument automatic test system and takes the VXIbus based a test software platform which is developed by CAT lab of the UESTC as an example. Then a method to model this system based on Petri net is proposed. Through this method, we can analyze the test task scheduling to prevent the deadlock or resources conflict. At last, this paper analyzes the feasibility of this method.展开更多
Building an abstract model of the web application is the chief task of software test based on model, which is an efficient way for testing the web application. One problem with current web application test technologie...Building an abstract model of the web application is the chief task of software test based on model, which is an efficient way for testing the web application. One problem with current web application test technologies is the lack of tools for modeling the whole web software, especially the lack of support for describing web application from the view of action and function. This paper is concerned with providing the support for development and test of the web application. The presented novel model, named component-based and tree-oriented web application development model (CBTOWADM), abstracts the web application as a tree based on its system function and business process. CBTOWADM not only simplifies the design and development of the web application, but also acts as the model middleware for software test. The basic model definition, the system framework and the application in software test of CBTOWADM is described.展开更多
Parallel to the considerable growth in applications of web-based systems, there are increasing demands for methods and tools to assure their quality. Testing these systems, due to their inherent complexities and speci...Parallel to the considerable growth in applications of web-based systems, there are increasing demands for methods and tools to assure their quality. Testing these systems, due to their inherent complexities and special characteristics, is complex, time-consuming and challenging. In this paper a novel multi-agent framework for automated testing of web-based systems is presented. The main design goals have been to develop an effective and flexible framework that supports different types of tests and utilize different sources of information about the system under test to automate the test process. A prototype of the proposed framework has been implemented and is used to perform some experiments. The results are promising and prove the overall design of the framework.展开更多
To ensure the quality of Web applications, Web testing is one of the effective methods. The testing is a process of revealing errors that is used to give confidence that the implementation of a Web application meets i...To ensure the quality of Web applications, Web testing is one of the effective methods. The testing is a process of revealing errors that is used to give confidence that the implementation of a Web application meets its original specification. This work proposes a Web testing framework based on Stream X-Machines (SXMs), which provides a way to derive test cases for a Web application. It starts from constructing the SXM model, from which a test translator is employed to extract the test paths and then translates them into an XML-style test specification, which is the input of test engine. The test engine generates test cases and then executes them, and finally produces test report. This testing method is a significant contribution to informed research.展开更多
In order to analyze and test the component-based web application and decide when to stop the testing process, the concept of coverage criteria and test requirement reduction approach are proposed. First, four adequacy...In order to analyze and test the component-based web application and decide when to stop the testing process, the concept of coverage criteria and test requirement reduction approach are proposed. First, four adequacy criteria are defined and subsumption relationships among them are proved. Then, a translation algorithm is presented to transfer the test model into a web application decision-to-decision graph(WADDGraph)which is used to reduce testing requirements. Finally, different sets of test requirements can be generated from WADDGraph by analyzing subsumption and equivalence relationships among edges based on different coverage criteria, and testers can select different test requirements according to different testing environments. The case study indicates that coverage criteria follow linear subsumption relationships in real web applications. Test requirements can be reduced more than 55% on average based on different coverage criteria and the size of test requirements increases with the increase in the complexity of the coverage criteria.展开更多
This study presents a methodology to evaluate and prevent security vulnerabilities issues for web applications.The analysis process is based on the use of techniques and tools that allow to perform security assessment...This study presents a methodology to evaluate and prevent security vulnerabilities issues for web applications.The analysis process is based on the use of techniques and tools that allow to perform security assessments of white box and black box,to carry out the security validation of a web application in an agile and precise way.The objective of the methodology is to take advantage of the synergies of semi-automatic static and dynamic security analysis tools and manual checks.Each one of the phases contemplated in the methodology is supported by security analysis tools of different degrees of coverage,so that the results generated in one phase are used as feed for the following phases in order to get an optimized global security analysis result.The methodology can be used as part of other more general methodologies that do not cover how to use static and dynamic analysis tools in the implementation and testing phases of a Secure Software Development Life Cycle(SSDLC).A practical application of the methodology to analyze the security of a real web application demonstrates its effectiveness by obtaining a better optimized vulnerability detection result against the true and false positive metrics.Dynamic analysis with manual checking is used to audit the results,24.6 per cent of security vulnerabilities reported by the static analysis has been checked and it allows to study which vulnerabilities can be directly exploited externally.This phase is very important because it permits that each reported vulnerability can be checked by a dynamic second tool to confirm whether a vulnerability is true or false positive and it allows to study which vulnerabilities can be directly exploited externally.Dynamic analysis finds six(6)additional critical vulnerabilities.Access control analysis finds other five(5)important vulnerabilities such as Insufficient Protected Passwords or Weak Password Policy and Excessive Authentication Attacks,two vulnerabilities that permit brute force attacks.展开更多
Model checking techniques have been widely used in verifying web service compositions to ensure the trustworthi- ness. However, little research has focused on testing web services. Based on the research of model check...Model checking techniques have been widely used in verifying web service compositions to ensure the trustworthi- ness. However, little research has focused on testing web services. Based on the research of model checking techniques~ we propose a model checking based approach for testing web service composition which is described by using the web services choreography description language (WS-CDL). According to worldwide web consortium (W3C) candidate recommendation, the WS-CDL specification provides a language for characterizing interactions between distinct web services using XML. Since the behaviors of web service composition are asynchronous, distributed, low-coupled and platform independent, we employ the guarded automata (GA) model for specifying the composition described in WS-CDL and using the simple promela interpreter (SPIN) model checker for detecting the collaborations of web services. Test cases can be transformed from counterexamples generated by SPIN using adequacy criteria. In this paper we apply the transition coverage criterion for generating counterex- amples. To illustrate our approach, we set "E-commerce service system" as an example for demonstrating how test cases can be generated using SPIN for compositions specified in WS-CDL.展开更多
Security weaknesses in web applications deployed in cloud architectures can seriously affect its data confidentiality and integrity.The construction of the procedure utilized in the static analysis tools of source cod...Security weaknesses in web applications deployed in cloud architectures can seriously affect its data confidentiality and integrity.The construction of the procedure utilized in the static analysis tools of source code security differs and therefore each tool finds a different number of each weakness type for which it is designed.To utilize the possible synergies different static analysis tools may process,this work uses a new method to combine several source codes aiming to investigate how to increase the performance of security weakness detection while reducing the number of false positives.Specifically,five static analysis tools will be combined with the designed method to study their behavior using an updated benchmark for OWASP Top Ten Security Weaknesses(OWASP TTSW).The method selects specific metrics to rank the tools for different criticality levels of web applications considering different weights in the ratios.The findings show that simply including more tools in a combination is not synonymous with better results;it depends on the specific tools included in the combination due to their different designs and techniques.展开更多
基金Supported by the National Natural Science Foundation of China (60673115)the National Basic Research Program of China (973 Program) (2002CB312001)the Open Foundation of State Key Laboratory of Soft-ware Engineering (SKLSE05-13)
文摘A formal model representing the navigation behavior of a Web application as the Kripke structure is proposed and an approach that applies model checking to test case generation is presented. The Object Relation Diagram as the object model is employed to describe the object structure of a Web application design and can be translated into the behavior model. A key problem of model checking-based test generation for a Web application is how to construct a set of trap properties that intend to cause the violations of model checking against the behavior model and output of counterexamples used to construct the test sequences. We give an algorithm that derives trap properties from the object model with respect to node and edge coverage criteria.
基金The National Natural Science Foundation of China(No.60503020,60503033,60703086)Opening Foundation of Jiangsu Key Laboratory of Computer Information Processing Technology in Soochow University(No.KJS0714)
文摘In order to improve the efficiency of regression testing in web application,the control flow graph and the greedy algorithm are adopted.This paper considers a web page as a basic unit and introduces a test case selection method for web application regression testing based on the control flow graph.This method is safe enough to the test case selection.On the base of features of request sequence in web application,the minimization technique and the priority of test cases are taken into consideration in the process of execution of test cases in regression testing for web application.The improved greedy algorithm is also raised resulting in optimization of execution of test cases.The experiments indicate that the number of test cases which need to be retested is reduced,and the efficiency of execution of test cases is also improved.
基金Supported by the National Natural Science Foun-dation of China (60425206 ,90412003 ,60503033)the National Bas-ic Research Program of China (973 Program 2002CB312000 ) Opening Foundation of State Key Laboratory of Software Engineeringin Wuhan University, High Technology Research Project of JiangsuProvince (BG2005032)
文摘Forms enhance both the dynamic and interactive abilities of Web applications and the system complexity. And it is especially important to test forms completely and thoroughly. Therefore, this paper discusses how to carry out the form testing by different methods in the related testing phases. Namely, at first, automatically abstracting forms in the Web pages by parsing the HTML documents; then, ohtai ning the testing data with a certain strategies, such as by requirement specifications, by mining users' hefore input informarion or by recording meehanism; and next executing the testing actions automatically due to the well formed test cases; finally, a case study is given to illustrate the convenient and effective of these methods.
文摘As the increasing popularity and complexity of Web applications and the emergence of their new characteristics, the testing and maintenance of large, complex Web applications are becoming more complex and difficult. Web applications generally contain lots of pages and are used by enormous users. Statistical testing is an effective way of ensuring their quality. Web usage can be accurately described by Markov chain which has been proved to be an ideal model for software statistical testing. The results of unit testing can be utilized in the latter stages, which is an important strategy for bottom-to-top integration testing, and the other improvement of extended Markov chain model (EMM) is to present the error type vector which is treated as a part of page node. this paper also proposes the algorithm for generating test cases of usage paths. Finally, optional usage reliability evaluation methods and an incremental usability regression testing model for testing and evaluation are presented. Key words statistical testing - evaluation for Web usability - extended Markov chain model (EMM) - Web log mining - reliability evaluation CLC number TP311. 5 Foundation item: Supported by the National Defence Research Project (No. 41315. 9. 2) and National Science and Technology Plan (2001BA102A04-02-03)Biography: MAO Cheng-ying (1978-), male, Ph.D. candidate, research direction: software testing. Research direction: advanced database system, software testing, component technology and data mining.
文摘Vulnerability-testing Oriented Petri Net (VOPN), a vulnerability testing model for communication protocol is brought forward first, which is combined Petri Net system with protocol Syntax analysis. Then vulnerability testing of implementation of HTTP protocol based on VOPN is made and the process is analyzed to prove the feasibility of the model.
基金Acknowledgements: This work was supported by National High-Technology Research and Development Program (863 Program) of China under grant (No. 2007AA01Z144), National Natural Science Foundation of China (NSFC) under grant (No. 60673115) and National Grand Basic Research Program (973 Program) of China under grant (No. 2007CB310800).
基金supported in part by the National Science Foundation of China under Grants U22B2027,62172297,62102262,61902276 and 62272311,Tianjin Intelligent Manufacturing Special Fund Project under Grant 20211097the China Guangxi Science and Technology Plan Project(Guangxi Science and Technology Base and Talent Special Project)under Grant AD23026096(Application Number 2022AC20001)+1 种基金Hainan Provincial Natural Science Foundation of China under Grant 622RC616CCF-Nsfocus Kunpeng Fund Project under Grant CCF-NSFOCUS202207.
文摘Web application fingerprint recognition is an effective security technology designed to identify and classify web applications,thereby enhancing the detection of potential threats and attacks.Traditional fingerprint recognition methods,which rely on preannotated feature matching,face inherent limitations due to the ever-evolving nature and diverse landscape of web applications.In response to these challenges,this work proposes an innovative web application fingerprint recognition method founded on clustering techniques.The method involves extensive data collection from the Tranco List,employing adjusted feature selection built upon Wappalyzer and noise reduction through truncated SVD dimensionality reduction.The core of the methodology lies in the application of the unsupervised OPTICS clustering algorithm,eliminating the need for preannotated labels.By transforming web applications into feature vectors and leveraging clustering algorithms,our approach accurately categorizes diverse web applications,providing comprehensive and precise fingerprint recognition.The experimental results,which are obtained on a dataset featuring various web application types,affirm the efficacy of the method,demonstrating its ability to achieve high accuracy and broad coverage.This novel approach not only distinguishes between different web application types effectively but also demonstrates superiority in terms of classification accuracy and coverage,offering a robust solution to the challenges of web application fingerprint recognition.
基金Supported by the Ministry of Education for Ph. D (20030614006)
文摘Virtual instrument is playing the important role in automatic test system. This paper introduces a composition of a virtual instrument automatic test system and takes the VXIbus based a test software platform which is developed by CAT lab of the UESTC as an example. Then a method to model this system based on Petri net is proposed. Through this method, we can analyze the test task scheduling to prevent the deadlock or resources conflict. At last, this paper analyzes the feasibility of this method.
基金Project supported by the National High-Technology Research and Development Program of China(Grant No.2007AA01Z144)the Shanghai Leading Academic Discipline Project(Grant No.J50103)
文摘Building an abstract model of the web application is the chief task of software test based on model, which is an efficient way for testing the web application. One problem with current web application test technologies is the lack of tools for modeling the whole web software, especially the lack of support for describing web application from the view of action and function. This paper is concerned with providing the support for development and test of the web application. The presented novel model, named component-based and tree-oriented web application development model (CBTOWADM), abstracts the web application as a tree based on its system function and business process. CBTOWADM not only simplifies the design and development of the web application, but also acts as the model middleware for software test. The basic model definition, the system framework and the application in software test of CBTOWADM is described.
文摘Parallel to the considerable growth in applications of web-based systems, there are increasing demands for methods and tools to assure their quality. Testing these systems, due to their inherent complexities and special characteristics, is complex, time-consuming and challenging. In this paper a novel multi-agent framework for automated testing of web-based systems is presented. The main design goals have been to develop an effective and flexible framework that supports different types of tests and utilize different sources of information about the system under test to automate the test process. A prototype of the proposed framework has been implemented and is used to perform some experiments. The results are promising and prove the overall design of the framework.
文摘To ensure the quality of Web applications, Web testing is one of the effective methods. The testing is a process of revealing errors that is used to give confidence that the implementation of a Web application meets its original specification. This work proposes a Web testing framework based on Stream X-Machines (SXMs), which provides a way to derive test cases for a Web application. It starts from constructing the SXM model, from which a test translator is employed to extract the test paths and then translates them into an XML-style test specification, which is the input of test engine. The test engine generates test cases and then executes them, and finally produces test report. This testing method is a significant contribution to informed research.
基金The National Natural Science Foundation of China(No.90818027,60873050)the National High Technology Research andDevelopment Program of China (863 Program) (No.2009AA01Z147)+2 种基金Opening Foundation of State Key Laboratory Software Engineering in Wu-han University(No.SKLSE20080717)Opening Foundation of State KeyLaboratory for Novel Software Technology in Nanjing University(No.ZZ-KT2008F12)the Key Laboratory Foundation of Shanghai Municipal Science and Technology Commission (No.09DZ2272600)
文摘In order to analyze and test the component-based web application and decide when to stop the testing process, the concept of coverage criteria and test requirement reduction approach are proposed. First, four adequacy criteria are defined and subsumption relationships among them are proved. Then, a translation algorithm is presented to transfer the test model into a web application decision-to-decision graph(WADDGraph)which is used to reduce testing requirements. Finally, different sets of test requirements can be generated from WADDGraph by analyzing subsumption and equivalence relationships among edges based on different coverage criteria, and testers can select different test requirements according to different testing environments. The case study indicates that coverage criteria follow linear subsumption relationships in real web applications. Test requirements can be reduced more than 55% on average based on different coverage criteria and the size of test requirements increases with the increase in the complexity of the coverage criteria.
文摘This study presents a methodology to evaluate and prevent security vulnerabilities issues for web applications.The analysis process is based on the use of techniques and tools that allow to perform security assessments of white box and black box,to carry out the security validation of a web application in an agile and precise way.The objective of the methodology is to take advantage of the synergies of semi-automatic static and dynamic security analysis tools and manual checks.Each one of the phases contemplated in the methodology is supported by security analysis tools of different degrees of coverage,so that the results generated in one phase are used as feed for the following phases in order to get an optimized global security analysis result.The methodology can be used as part of other more general methodologies that do not cover how to use static and dynamic analysis tools in the implementation and testing phases of a Secure Software Development Life Cycle(SSDLC).A practical application of the methodology to analyze the security of a real web application demonstrates its effectiveness by obtaining a better optimized vulnerability detection result against the true and false positive metrics.Dynamic analysis with manual checking is used to audit the results,24.6 per cent of security vulnerabilities reported by the static analysis has been checked and it allows to study which vulnerabilities can be directly exploited externally.This phase is very important because it permits that each reported vulnerability can be checked by a dynamic second tool to confirm whether a vulnerability is true or false positive and it allows to study which vulnerabilities can be directly exploited externally.Dynamic analysis finds six(6)additional critical vulnerabilities.Access control analysis finds other five(5)important vulnerabilities such as Insufficient Protected Passwords or Weak Password Policy and Excessive Authentication Attacks,two vulnerabilities that permit brute force attacks.
基金Project supported by the Open Foundation of State Key Laboratory of Software Engineering(Grant No.SKLSE20080712)the National Natural Science Foundation of China(Grant No.60970007)+2 种基金the National Basic Research Program of China(Grant No.2007CB310800)the Shanghai Leading Academic Discipline Project(Grant No.J50103)the Science and Technology Commission of Shanghai Municipality(Grant No.09DZ2272600)
文摘Model checking techniques have been widely used in verifying web service compositions to ensure the trustworthi- ness. However, little research has focused on testing web services. Based on the research of model checking techniques~ we propose a model checking based approach for testing web service composition which is described by using the web services choreography description language (WS-CDL). According to worldwide web consortium (W3C) candidate recommendation, the WS-CDL specification provides a language for characterizing interactions between distinct web services using XML. Since the behaviors of web service composition are asynchronous, distributed, low-coupled and platform independent, we employ the guarded automata (GA) model for specifying the composition described in WS-CDL and using the simple promela interpreter (SPIN) model checker for detecting the collaborations of web services. Test cases can be transformed from counterexamples generated by SPIN using adequacy criteria. In this paper we apply the transition coverage criterion for generating counterex- amples. To illustrate our approach, we set "E-commerce service system" as an example for demonstrating how test cases can be generated using SPIN for compositions specified in WS-CDL.
文摘Security weaknesses in web applications deployed in cloud architectures can seriously affect its data confidentiality and integrity.The construction of the procedure utilized in the static analysis tools of source code security differs and therefore each tool finds a different number of each weakness type for which it is designed.To utilize the possible synergies different static analysis tools may process,this work uses a new method to combine several source codes aiming to investigate how to increase the performance of security weakness detection while reducing the number of false positives.Specifically,five static analysis tools will be combined with the designed method to study their behavior using an updated benchmark for OWASP Top Ten Security Weaknesses(OWASP TTSW).The method selects specific metrics to rank the tools for different criticality levels of web applications considering different weights in the ratios.The findings show that simply including more tools in a combination is not synonymous with better results;it depends on the specific tools included in the combination due to their different designs and techniques.
