Invariant-Based Automatic Testing of Modern Web Applications

Mesbah, Ali; Deursen, Arie van; Roest, D.

doi:10.1109/tse.2011.28

Cited by 132 publications

(97 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Recent work [18,19] has explored test generation for rich-client applications, where the application's state is maintained as a DOM 11 -tree, manipulated both by client-side user-interactions and via asynchronous AJAX callbacks from the serverside. These approaches rely on automatic inference of a state-based model of the application, from which suitable test sequences might be determined.…”

Section: Model-based Testing As An Enabling Technologymentioning

confidence: 99%

Model-Based Testing in Cloud Brokerage Scenarios

Kiran

Friesen

Simons

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In future Cloud ecosystems, brokers will mediate between service providers and consumers, playing an increased role in quality assurance, checking services for functional compliance to agreed standards, among other aspects. To date, most Software-as-a-Service (SaaS) testing has been performed manually, requiring duplicated effort at the development, certification and deployment stages of the service lifecycle. This paper presents a strategy for achieving automated testing for certification and re-certification of SaaS applications, based on the adoption of simple state-based and functional specifications. High-level test suites are generated from specifications, by algorithms that provide the necessary and sufficient coverage. The high-level tests must be grounded for each implementation technology, whether SOAP, REST or richclient. Two examples of grounding are presented, one into SOAP for a traditional web service and the other into Selenium for a SAP HANA rich-client application. The results demonstrate good test coverage. Further work is required to fully automate the grounding.

show abstract

Section: Model-based Testing As An Enabling Technologymentioning

confidence: 99%

Model-Based Testing in Cloud Brokerage Scenarios

Kiran

Friesen

Simons

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…We have paid some attention also to Asynchronous JavaScript and XML (AJAX) interfaces in websites as such contents are not readily accessible by crawlers, some specials tools and techniques should be situation like this. Since AJAXbased applications depend on asynchronous client/server communication and client-side processing of the DOM tree, testing web applications with AJAX content is pretty challenging compared to traditional web content [11]. (AJAX) is getting more and more popular in web applications for building client side interactive web applications.…”

Section: Goals and Approachesmentioning

confidence: 99%

“…The Approach of examining AJAX pages is a slightly bit similar to that used in [11]. There are three major differences between our test automation framework and the one proposed in [11], first we extracted DOM widgets vulnerable states based on different user interaction scenarios, second, our concentration in this framework is not only AJAX interfaces we are building test cases for both possible blocked contents and Dynamic Ajax interfaces, while in [11] the focus was on Ajax interface only.…”

Section: B Event Driven Dom Vulnerability Testingmentioning

confidence: 99%

“…There are three major differences between our test automation framework and the one proposed in [11], first we extracted DOM widgets vulnerable states based on different user interaction scenarios, second, our concentration in this framework is not only AJAX interfaces we are building test cases for both possible blocked contents and Dynamic Ajax interfaces, while in [11] the focus was on Ajax interface only. Our test Automation framework included a dynamic cycles to feed new inputs for those blocked content, eventually, the goal is to have as many security testing scenarios as possible.…”

Section: B Event Driven Dom Vulnerability Testingmentioning

confidence: 99%

“…In our proposed framework, many user interaction clickable events will be used as a collaboration scenario at the client level, hence any possible malicious change on the DOM (Document object Model) will be calculated based on DOM stable boundary [11], then a decision is made to consider event as malicious or not. Next a set of malicious events will be added to the vulnerable events database, ultimately, the complete test cases list will be composed of both vulnerable events of DOM AJAX interfaces and the blocked web contents.…”

Section: B Event Driven Dom Vulnerability Testingmentioning

confidence: 99%

See 2 more Smart Citations

oward Security Test Automation for Event Driven GUI Web Contents

Alsmadi

Aleroud

2012

IJCNIS

View full text Add to dashboard Cite

-The web is taking recently a large percentage of software products. The evolving nature of web applications put a serious challenge on testing, if we consider the dynamic nature of the current web. More precisely, testing both blocked contents and AJAX interfaces, might create new challenges in terms of test coverage and completeness. In this paper, we proposed enhancements and extensions of the current test automation activities. In the proposed framework, user interaction with AJAX interfaces is used to collect DOM violation states. A blocked content is accessed through multiple forms' submission with dynamic contents, and in each iteration the vulnerability events databases are modified. Next, the test cases database of possible vulnerable inputs for both AJAX and blocked contents is built. Finally, Coverage assessment is evaluated after executing those test cases based on several possible coverage aspects.

show abstract

Maturity model for secure software testing

Alam

Mahmood

Alshayeb

et al. 2023

J Software Evolu Process

View full text Add to dashboard Cite

Security is an essential attribute of high‐quality software. However, effectively incorporating security practices into different phases of the software development life cycle (SDLC) remains challenging. Owing to less mature secure testing processes, organizations are prone to ineffective testing practices for defect detection, including severe security‐related failures. Thus, in this study, we present a maturity model for secure software testing (MMSST) to assist software development organizations in improving the secure testing of software applications. We conducted a multivocal literature review and identified 68 primary studies from the formal and gray literature. Then, based on the available evidence, 27 process areas were identified to develop the proposed MMSST. The MMSST includes five main categories: governance, contrive and design, execution, deployment and configuration, and mature. The MMSST was subsequently evaluated using case studies related to practical environments. Results demonstrate that the proposed MMSST is useful for estimating the maturity level of an organization with respect to the secure testing phase of the SDLC. The participants of the case studies also agreed that the proposed MMSST is useful in terms of structure, user satisfaction, and ease of use. We believe that the proposed MMSST can help organizations evaluate and improve software security testing practices. In addition, the proposed MMSST is expected to provide researchers and industry practitioners with an effective foundation for developing new secure testing approaches and tools.

show abstract

Invariant-Based Automatic Testing of Modern Web Applications

Cited by 132 publications

References 33 publications

Model-Based Testing in Cloud Brokerage Scenarios

Model-Based Testing in Cloud Brokerage Scenarios

oward Security Test Automation for Event Driven GUI Web Contents

Maturity model for secure software testing

Contact Info

Product

Resources

About