Combining static and dynamic analysis for the reverse engineering of web applications

Silva, Carlos E.; Campos, José Creissac

doi:10.1145/2494603.2480324

Cited by 16 publications

(12 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are also several tools and many research papers which aim to reverse-engineer web applications (such as [18,13] for example). However, as web applications are not a target for our research we do not discuss these further here.…”

Section: Related Workmentioning

confidence: 99%

Creating models of interactive systems with the support of lightweight reverse-engineering tools

Bowen

2015

Proceedings of the 7th ACM SIGCHI Symposium on Engineering Interactive Computing Systems

View full text Add to dashboard Cite

Creating formal models of interactive systems is an important step in the development process, particularly for safetycritical interactive systems. Such models can be used for a variety of software engineering purposes such as modelchecking, verification, testing, refinement etc. While the use of such models at the beginning of the implementation cycle is important, it is often the case that we are interested in performing many of the same activities (particularly safety verification and testing) on systems which have been built without the use of formal methods or modelling. In order to do this we need to somehow reverse-engineer the system to generate the models post-implementation. In this paper we describe an approach we have developed to support the reverseengineering of interactive systems and tools which support this. The tools perform partial reverse-engineering and act as a guide to the developer of the models rather than providing a fully automated solution. We motivate this by discussing the importance of what we describe as 'light-weight' tools in the engineering process.

show abstract

Section: Related Workmentioning

confidence: 99%

Creating models of interactive systems with the support of lightweight reverse-engineering tools

Bowen

2015

Proceedings of the 7th ACM SIGCHI Symposium on Engineering Interactive Computing Systems

View full text Add to dashboard Cite

show abstract

“…However, the information extracted by a pure dynamic approach is incomplete due to the inability to explore infeasible paths (e.g., windows that require a password) and providing user inputs [16], [26]. As such the models generated by these tools are incomplete due to the limitations of pure dynamic analysis [27], [28]. Tools that combine both static (analysis of bytecode/source code to extract valuable information) and dynamic (analyzing application at the run time) approaches were proposed recently to improve the coverage and the quality of the generated models from the mobile apps such as Orbit [6] and A3E [29].…”

Section: Introductionmentioning

confidence: 99%

“…In this technique, test input can be obtained by dynamically analyzing an application at run-time [39] or from the external descriptions of the application, including specifications, requirements and design parameters [40], [41]. It is particularly suited for extracting information about the UI's external behavior [27]. One of the most challenging issues in dynamic reverse engineering is how events are found and fired in controlling the model exploration.…”

Section: Introductionmentioning

confidence: 99%

“…One of the most challenging issues in dynamic reverse engineering is how events are found and fired in controlling the model exploration. Also, the inability to explore certain UI due to the presence of infeasible paths such as those that require user inputs and modal UI (dialog box) that can sometimes be visible or invisible [16], [27]. Hence, the extracted information about the behavior of the application could be inaccurate and incomplete which affects the quality of the generated model.…”

Section: Introductionmentioning

confidence: 99%

“…White-box technique involves the analysis of the application's code without executing the application itself to generate a human-readable form of representation [39]. It is well suited for extracting information about the internal structure of the system and dependencies among the structural elements such as classes, methods, and variables information [27]. Furthermore, it can retrieve more accurate information from an application.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

AMOGA: A Static-Dynamic Model Generation Strategy for Mobile Apps Testing

et al. 2019

View full text Add to dashboard Cite

In the past few years, mobile devices have been increasingly replacing traditional computers as their capabilities such as CPU computation, memory, RAM size, and many more, are being enhanced almost to the level of conventional computers. These capabilities are being exploited by mobile apps developers to produce apps that offer more functionalities and optimized performance. To ensure acceptable quality and to meet their specifications (e.g., design), mobile apps need to be tested thoroughly. As the testing process is often tedious, test automation can be the key to alleviating such laborious activities. In the context of the Android-based mobile apps, researchers and practitioners have proposed many approaches to automate the testing process mainly on the creation of the test suite. Although useful, most existing approaches rely on reverse engineering a model of the application under test for test case creation. Often, such approaches exhibit a lack of comprehensiveness as the application model does not capture the dynamic behavior of the applications extensively due to the incompleteness of reverse engineering approaches. To address this issue, this paper proposes AMOGA, a strategy that uses a hybrid, static-dynamic approach for generating user interface model from mobile apps for modelbased testing. AMOGA implements a novel crawling technique that uses the event list of UI element associated with each event to dynamically exercise the events ordering at the run-time to explore the applications' behavior. An experimental evaluation was performed to assess the effectiveness of our strategy by measuring the code coverage and the fault detection capability through the use of mutation testing concept. Results of the experimental assessment showed that AMOGA represents an alternative approach for model-based testing of mobile apps by generating comprehensive models to improve the coverage of the applications. The strategy proved its effectiveness by achieving high code coverage and mutation score for different applications.

show abstract

Analysing Microsoft Access Projects: Building a Model in a Partially Observable Domain

Bragagnolo

Anquetil

Ducasse

et al. 2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Due to the technology evolution, every IT Company migrates their software systems at least once. Reengineering tools build system models which are used for running software analysis. These models are traditionally built from source code analysis and information accessible by data extractors (that we call such information observable). In this article we present the case of Microsoft Access projects and how this kind of project is partially observable due to proprietary storing formats. We propose a novel approach for building models that allows us to overcome this problem by reverse engineering the development environment runtime through the usage of Microsoft COM interface. We validate our approach and implementation by fully replicating 10 projects, 8 of them industrial, based only on our model information. We measure the replication performance by measuring the errors during the process and completeness of the product. We measure the replication error, by tracking replication operations. We used the scope and completeness measure to enact this error. Completeness is measured by the instrumentation of a simple and scoped diff based on a third source of information. We present extensive results and interpretations. We discuss the threats to validity, the possibility of other approaches and the technological restrictions of our solution.

show abstract

Combining static and dynamic analysis for the reverse engineering of web applications

Cited by 16 publications

References 15 publications

Creating models of interactive systems with the support of lightweight reverse-engineering tools

Creating models of interactive systems with the support of lightweight reverse-engineering tools

AMOGA: A Static-Dynamic Model Generation Strategy for Mobile Apps Testing

Analysing Microsoft Access Projects: Building a Model in a Partially Observable Domain

Contact Info

Product

Resources

About