Precise interface identification to improve testing and analysis of web applications

Halfond, William G. J.; Anand, Sandeep; Orso, Alessandro

doi:10.1145/1572272.1572305

Cited by 60 publications

(49 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Halfond and Orso [16], [17] present their static analysis of server-side Java code to extract web application request parameters and their potential values. They use [15] symbolic execution of server-side code to identify possible interfaces of web applications. Such techniques have limitations in revealing faults that are due to the complex (client-side) runtime behavior of modern rich web applications.…”

Section: Traditional Web Testingmentioning

confidence: 99%

Invariant-Based Automatic Testing of Modern Web Applications

Mesbah

Deursen

Roest

2012

IIEEE Trans. Software Eng.

131

View full text Add to dashboard Cite

Abstract-AJAX-based Web 2.0 applications rely on stateful asynchronous client/server communication, and client-side run-time manipulation of the DOM tree. This not only makes them fundamentally different from traditional web applications, but also more error-prone and harder to test. We propose a method for testing AJAX applications automatically, based on a crawler to infer a state-flow graph for all (client-side) user interface states. We identify AJAX-specific faults that can occur in such states (related to e.g., DOM validity, error messages, discoverability, back-button compatibility) as well as DOM-tree invariants that can serve as oracles to detect such faults. Our approach, called ATUSA, is implemented in a tool offering generic invariant checking components, a plugin-mechanism to add application-specific state validators, and generation of a test suite covering the paths obtained during crawling. We describe three case studies, consisting of six subjects, evaluating the type of invariants that can be obtained for AJAX applications as well as the fault revealing capabilities, scalability, required manual effort, and level of automation of our testing approach.

show abstract

Section: Traditional Web Testingmentioning

confidence: 99%

Invariant-Based Automatic Testing of Modern Web Applications

Mesbah

Deursen

Roest

2012

IIEEE Trans. Software Eng.

131

View full text Add to dashboard Cite

show abstract

“…Deng et al [34] use static analysis to extract information related to URLs and their parameters for web applications, and generate executable test cases using the collected information. Halfond et al [35] present an approach that uses symbolic execution to identify precise interfaces for web applications.…”

Section: Related Workmentioning

confidence: 99%

An Effective Regression Testing Approach for PHP Web Applications

Marback

Ehresmann

2012

2012 IEEE Fifth International Conference on Software Testing, Verification and Validation

View full text Add to dashboard Cite

Abstract-Web applications change and are upgraded frequently due to security attacks, feature updates, or user preference changes. These fixes often involve small patches or revisions, but still, testers need to perform regression testing on their products to ensure that the changes have not introduced new faults. Applying regression testing to the entire product, however, can be very expensive, and often, companies cannot afford to do this because, typically, the turnaround time to release patches is expected to be short. One solution is focusing only on the areas of code that have been changed and performing regression testing on them. In this way, companies can provide quick patches more dependably whenever they encounter security breaches. In this paper, we propose a new regression testing approach that is applied to frequently patched web applications, considering security problems, and in particular, focusing on PHP programs. Our approach identifies the affected areas by code changes using impact analysis and generates new test cases for the impacted areas by changes using program slices considering both numeric and string input values. To facilitate our approach, we implemented a PHP Analysis and Regression Testing Engine (PARTE) and performed a controlled experiment using open source web applications. The results show that our approach is effective in reducing the cost of regression testing for frequently patched web applications.

show abstract

“…For traditional programs, KLEE [6] is capable of automatically generating tests that achieve high coverage on even complex programs. For serverside languages, Halfond et al [18] apply symbolic execution to precisely identify interfaces in the Java Enterprise Edition (JEE) framework, while Rubyx [7] detects security vulnerabilities based on specifications by symbolically executing Ruby-onRails web applications. For JavaScript, a client-side language widely used in web applications, Saxena et al [24] designed and implemented a symbolic execution framework which can handle string constraints.…”

Section: Related Workmentioning

confidence: 99%

Detecting Logic Vulnerabilities in E-commerce Applications

Sun

2014

Proceedings 2014 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-E-commerce has become a thriving business model. With easy access to various tools and third-party cashiers, it is straightforward to create and launch e-commerce web applications. However, it remains difficult to create secure ones. While third-party cashiers help bridge the gap of trustiness between merchants and customers, the involvement of cashiers as a new party complicates logic flows of checkout processes. Even a small loophole in a checkout process may lead to financial loss of merchants, thus logic vulnerabilities pose serious threats to the security of e-commerce applications. Performing manual code reviews is challenging because of the diversity of logic flows and the sophistication of checkout processes. Consequently, it is important to develop automated detection techniques. This paper proposes the first static detection of logic vulnerabilities in e-commerce web applications. The main difficulty of automated detection is the lack of a general and precise notion of correct payment logic. Our key insight is that secure checkout processes share a common invariant: A checkout process is secure when it guarantees the integrity and authenticity of critical payment status (order ID, order total, merchant ID and currency). Our approach combines symbolic execution and taint analysis to detect violations of the invariant by tracking tainted payment status and analyzing critical logic flows among merchants, cashiers and users. We have implemented a symbolic execution framework for PHP. In our evaluation of 22 unique payment modules, our tool detected 12 logic vulnerabilities, 11 of which are new. We have also performed successful proof-ofconcept experiments on live websites to confirm our findings.

show abstract

Precise interface identification to improve testing and analysis of web applications

Cited by 60 publications

References 26 publications

Invariant-Based Automatic Testing of Modern Web Applications

Invariant-Based Automatic Testing of Modern Web Applications

An Effective Regression Testing Approach for PHP Web Applications

Detecting Logic Vulnerabilities in E-commerce Applications

Contact Info

Product

Resources

About