A case study on bypass testing of web applications

Offutt, Jeff; Papadimitriou, Vasileios A.; Praphamontripong, Upsorn

doi:10.1007/s10664-012-9216-x

Cited by 7 publications

(8 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Lack of user input validation vulnerability (Offutt et al, 2014) occurs when a web application accepts input from a user without checking whether this input is valid or not. Therefore, web applications must include client-side and server-side validations that can reject invalid, unsanitised, manipulated or perturbed user inputs to ensure security quality attributes.…”

Section: Lack Of User Input Validation Vulnerabilitymentioning

confidence: 99%

“…SWAT techniques attempt to inject such malicious inputs into a web application under test to determine whether these inputs are accepted or rejected by this application. The web applications security-based testing techniques found in the reviewed research papers are SQL injection testing (Lei et al, 2013), XSS testing (Bozic et al, 2015b), XML injection testing (Jan et al, 2019), bypass testing (Offutt et al, 2014), and penetration testing (Tian et al, 2012). Table 3 classifies the reviewed research papers according to the targeted vulnerability in each paper.…”

Section: Other Types Of Web Applications Testingmentioning

confidence: 99%

“…Performance testing Jiang and Jiang (2009), Gao et al (2010), Kao et al (2013), Rodríguez et al (2013), Ali and Badr (2015), Ahmad et al (2018), Eid et al (2020) and Porres et al (2020) Mutation testing Zulkernine (2008, 2009), Xu et al (2012), Habibi and Mirian-Hosseinabadi (2015) and Sherin et al (2021) Combinatorial testing (Nie andLeung, 2011) Bozic et al (2015b), Qi et al (2017) and Bozic and Wotawa (2020) Testing sanitisation process Balzarotti et al (2008), Li et al (2010b) and Hanna and Munro (2018) Semantic-based testing (Dadkhah et al, 2020 and Hanna and Munro (2018) Fuzz testing Li et al (2014Li et al ( , 2010b and Offutt et al (2014) User session-based testing Sampath et al (2008), Quan and Lu (2010) and Sampath and Bryce (2012) Search-based testing Marchetto and Tonella (2009), Bolis et al (2012) and Elgendy et al (2020b) Regression testing Tarhini et al (2008), Kwon et al (2018), Andrews et al (2019), Eid et al (2020) and Abadeh (2021) Concolic testing Wassermann et al (2008) and Fard et al (2015) User acceptance testing Yu et al (2009) and…”

Section: Testing Technique Research Papersmentioning

confidence: 99%

See 2 more Smart Citations

Web applications testing techniques: a systematic mapping study

Ahmad¹,

Hanna²

2022

IJWET

View full text Add to dashboard Cite

Due to the importance of web application testing techniques for detecting faults and assessing quality attributes, many research papers were published in this field. For this reason, it became essential to analyse, classify and summarise the research in the field. To achieve this goal, this research conducted a systematic mapping study on 98 research papers in the field of web applications testing published between 2008 and 2021. The results showed that the most commonly used web applications testing techniques in literature are model-based testing and security testing. Besides, the most commonly used models in model-based testing are finite-state machines. The most targeted vulnerability in security testing is SQL injection. Test automation is the most targeted testing goal in both model-based and security testing. For other web applications testing techniques, the main goals of testing were test automation, test coverage, and assessing security quality attributes.

show abstract

Section: Lack Of User Input Validation Vulnerabilitymentioning

confidence: 99%

Section: Other Types Of Web Applications Testingmentioning

confidence: 99%

Section: Testing Technique Research Papersmentioning

confidence: 99%

See 1 more Smart Citation

Web applications testing techniques: a systematic mapping study

Ahmad¹,

Hanna²

2022

IJWET

View full text Add to dashboard Cite

show abstract

“…In related research, we have developed bypass testing [23,24] to send invalid data to web applications, bypassing some of the input validation. This is a stress testing approach that does not explore the kinds of interaction paths that ASM explores.…”

Section: Related Workmentioning

confidence: 99%

An Evaluation of the Effectiveness of the Atomic Section Model

Thummala

Offutt

2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Society increasingly depends on web applications for business, work, and pleasure. As the use of web applications continues to increase, the number of failures, some minor and some major, continues to grow. A significant problem is that we still have relatively weak abilities to test web applications, and often rely on informal, ad-hoc, and ineffective techniques. A key driver to this problem is that web applications use novel technologies, including control structures that are not available in traditional software, and new state handling techniques, including new variable scopes. Traditional testing techniques do not adequately model or test these novel technologies. The atomic section model (ASM), which was introduced in a previous paper, models these novel technologies to support design, analysis, and testing. This paper presents an empirical study to evaluate the effectiveness of the ASM to design tests. The model was implemented into a tool, WASP, which extracts the ASM from the implementation and supports various test criteria. We studied ten web applications, totaling 156 components and 11,829 lines of code. Using WASP, we generated 207 tests, which revealed 31 faults. Seventeen of those faults exposed internal information about the application and server.

show abstract

“…Yet, significant amount of failures is still being found [1]. That is due to poor engineering processes, unstandardised knowledge, and poor practices in software development and software testing processes.…”

Section: Problem Statementmentioning

confidence: 99%

Testing of Distributed Service-Oriented Systems

Nizamic

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

A case study on bypass testing of web applications

Cited by 7 publications

References 18 publications

Web applications testing techniques: a systematic mapping study

Web applications testing techniques: a systematic mapping study

An Evaluation of the Effectiveness of the Atomic Section Model

Testing of Distributed Service-Oriented Systems

Contact Info

Product

Resources

About