A Fault Injection Based Approach to Assessment of Quality of Test Sets for BPEL Processes

Grela, Damian; Sapiecha, Krzysztof; Strug, Joanna

doi:10.1007/978-3-642-54092-9_6

Cited by 2 publications

(2 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Theseearliereffortsusefaultinjectiontechniquetotestrobustnessofsecurityscannertools(Fonsecaetal.,2007),effectiveness ofintrusiondetectionsystems (Vignaetal.,2004),robustnessofrouterprotocolimplementation (Tal etal.,2004),effectivenessofinputvalidationroutines (Kieżunetal.,2008),capabilityofhandling malformedfiles(Ghosh&Kelly,n.d),robustnessofembedded(Fouqueetal.,2012),andutility applications (Voas,2000). Veryfewapproachesrelyondesign-levelinformationtogeneratetestcases.Salaset al( 2007) generatedOCLconstraintsfromUMLclassdiagramsandsolvethemtogeneratetestcases;while Grela et al (2015) proposed fault-injection in business processes expressed in Business Process ExecutionLanguage.Ourworkiscloselyrelatedtothetestcasegenerationmethodpresentedby Aicherniget al (2005).Theyobtainedpre-andpost-conditionspecifications,expressedthemin OCLspecificationsforatriangletypedeterminationprogram.Incontrast,wehavegeneratedOCL specificationsforPHPapplicationsrelevanttoLDAPqueryinjectionattacks.…”

Section: Fault-injection Based Approachesmentioning

confidence: 99%

LDAP Vulnerability Detection in Web Applications

Shahriar

Haddad

Bulusu

2017

International Journal of Secure Software Engineering

View full text Add to dashboard Cite

Lightweight Directory Access Protocol (LDAP) is commonly used in web applications to provide lookup information and enforcing authentication. Web applications may suffer from LDAP injection vulnerabilities that can lead to security breaches such as login bypass and privilege escalation. This paper1 proposes OCL fault injection-based detection of LDAP injection attacks. The authors extract design-level information and constraints expressed in OCL and then randomly alter them to generate test cases that have the capability to uncover LDAP injection vulnerabilities. The authors proposed approaches to implement test case generation, and they used one open source PHP application and one custom application to evaluate the proposed approach. The analysis shows that this approach can detect LDAP injection vulnerabilities.

show abstract

Section: Fault-injection Based Approachesmentioning

confidence: 99%

LDAP Vulnerability Detection in Web Applications

Shahriar

Haddad

Bulusu

2017

International Journal of Secure Software Engineering

View full text Add to dashboard Cite

show abstract

“…Fault injection injects anomalies into a system to assess the dependability of the system. Traditional fault injection approaches for web services mostly focus on functionality related issues, e.g., injecting mutated data into a system to see whether the system can handle data corruption caused by network transmission errors [4,9,11,18,21]. Besides functionality related issues, performance related issues are also very important.…”

Section: Introductionmentioning

confidence: 99%

Fault Injection for Performance Testing of Composite Web Services

Qian¹,

Wu²,

Chen³

et al. 2018

IJPE

View full text Add to dashboard Cite

Fault injection has already been used to access the dependability of web services. However, most of the existing work focuses on how to inject faults. Problems such as where to inject faults and what faults should be injected still have not been systematically studied in literature, especially for the testing of performance related issues in composite web services. This paper presents an approach that defines coverage criteria to guide fault injection testing of performance related issues in composite web services. We generate fault injection configurations that follows the defined test criteria for systematic fault injection. The configurations specify where to inject faults and what faults should be injected, and the injected faults (e.g. message delays) are generated according to the characteristics of each individual sub-service in order to make the faults more realistic. With the fault injection configurations, the fault injection process can be automatically conducted and the performance of a composite service can be effectively evaluated.

show abstract

A Fault Injection Based Approach to Assessment of Quality of Test Sets for BPEL Processes

Cited by 2 publications

References 11 publications

LDAP Vulnerability Detection in Web Applications

LDAP Vulnerability Detection in Web Applications

Fault Injection for Performance Testing of Composite Web Services

Contact Info

Product

Resources

About