Testing Web applications by modeling with FSMs

Andrews, Anneliese; Offutt, Jeff; Alexander, Robert R.

doi:10.1007/s10270-004-0077-7

Cited by 260 publications

(213 citation statements)

References 21 publications

Supporting

Mentioning

205

Contrasting

Unclassified

Order By: Relevance

“…Some of these techniques share with GUI testing the underlying idea of covering specific sequences of events, for instance semantically interacting events [23]. Other techniques produce test cases by relying on navigation models [24] or data captured from users sessions [25]. While these models and data are quite common for Web applications, they are less frequently available for GUI applications.…”

Section: Related Workmentioning

confidence: 99%

AutoBlackTest: Automatic Black-Box Testing of Interactive Applications

Mariani

Pezzè

Riganelli

et al. 2012

2012 IEEE Fifth International Conference on Software Testing, Verification and Validation

View full text Add to dashboard Cite

Abstract-Automatic test case generation is a key ingredient of an efficient and cost-effective software verification process. In this paper we focus on testing applications that interact with the users through a GUI, and present AutoBlackTest, a technique to automatically generate test cases at the system level. AutoBlackTest uses reinforcement learning, in particular Q-Learning, to learn how to interact with the application under test and stimulate its functionalities. The empirical results show that AutoBlackTest can execute a relevant portion of the code of the application under test, and can reveal previously unknown problems by working at the system level and interacting only through the GUI.

show abstract

Section: Related Workmentioning

confidence: 99%

AutoBlackTest: Automatic Black-Box Testing of Interactive Applications

Mariani

Pezzè

Riganelli

et al. 2012

2012 IEEE Fifth International Conference on Software Testing, Verification and Validation

View full text Add to dashboard Cite

show abstract

“…Most of the work in the area has been commercially oriented and focused on improving web crawling techniques, such as OWASP's WebScarab web crawler, 1 or on developing new vulnerability scanners, such as Nessus 4 and Nikto. 5 Notable research contributions in this area include the development of an advanced web crawler by Huang and colleagues [14], and a technique by Elbaum and colleagues [5] that interacts with a web application at runtime to identify IVs and possible domain information.…”

Section: Related Workmentioning

confidence: 99%

“…In this area, there has been a fair amount of work. Early techniques relied on developer-provided specifications [1,15,18], which does not fit well into the usage scenario of penetration testing, where oftentimes the vulnerabilities are found in IVs that are unknown or untested by the developers. Several techniques [6,7,16,19] use session data and user logs to identify relevant information about the monitored web applications.…”

Section: Related Workmentioning

confidence: 99%

“…In fact, many government agencies and trade groups, such as the Communications and Electronic Security Group in the U.K., OWASP, 1 and OSSTMM, 2 accredit penetration testers and sanction penetration testing "best practices." Penetration testing is a useful technique for several reasons: 1) it generally produces a low rate of false positives since it discovers vulnerabilities by exploiting them and thus producing counter examples; 2) it tests applications in context, which allows for the discovery of vulnerabilities that arise from specific configuration and environment issues; and 3) it provides a set of concrete inputs that exploit the discovered vulnerabilities and that can be used to guide developers in correcting the code.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Penetration Testing with Improved Input Vector Identification

Halfond

Choudhary

Orso

2009

2009 International Conference on Software Testing Verification and Validation

View full text Add to dashboard Cite

show abstract

“…Andrews et al [2] employ FSMs with constraints to model and test web applications. Hierarchical decomposition and constraints are used to control the usual state space explosion problem: with hierarchical decomposition the FSM can be decomposed recursively into subsystems.…”

Section: Related Workmentioning

confidence: 99%

Model-Based Testing of Thin-Client Web Applications and Navigation Input

Koopman

Achten

Plasmeijer

Practical Aspects of Declarative Languages

View full text Add to dashboard Cite

Abstract. In this paper we present a novel automated, on-line, modelbased testing system for on-the-fly testing of thin-client web applications. Web applications are specified by means of Extended State Machines. To handle dynamic web applications, arbitrarily large and complex state input and output types, and the transport of information from the webpage to the state of the specification, we define a new, ioco like, conformance relation. In this conformance relation a specification is a function from state and input to functions from output to the new states. The implementation builds on the G∀ST test tool and spots errors in real web applications.

show abstract

Testing Web applications by modeling with FSMs

Cited by 260 publications

References 21 publications

AutoBlackTest: Automatic Black-Box Testing of Interactive Applications

AutoBlackTest: Automatic Black-Box Testing of Interactive Applications

Penetration Testing with Improved Input Vector Identification

Model-Based Testing of Thin-Client Web Applications and Navigation Input

Contact Info

Product

Resources

About