A Formal Evaluation of Data Flow Path Selection Criteria
IEEE Transactions on Software Engineering
Automated Software Test Data Generation
IEEE Transactions on Software Engineering
Comparison of program testing strategies
TAV4 Proceedings of the symposium on Testing, analysis, and verification
The craft of software testing: subsystem testing including object-based and object-oriented testing
The craft of software testing: subsystem testing including object-based and object-oriented testing
The chaining approach for software test data generation
ACM Transactions on Software Engineering and Methodology (TOSEM)
Theory of Fault-Based Predicate Testing for Computer Programs
IEEE Transactions on Software Engineering
Software unit test coverage and adequacy
ACM Computing Surveys (CSUR)
Automated test data generation using an iterative relaxation method
SIGSOFT '98/FSE-6 Proceedings of the 6th ACM SIGSOFT international symposium on Foundations of software engineering
Interprocedural control dependence
ACM Transactions on Software Engineering and Methodology (TOSEM)
Analysis and testing of Web applications
ICSE '01 Proceedings of the 23rd International Conference on Software Engineering
Coverage criteria for GUI testing
Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering
Art of Software Testing
A Comparison of Some Structural Testing Strategies
IEEE Transactions on Software Engineering
Preliminary guidelines for empirical research in software engineering
IEEE Transactions on Software Engineering
Increased Software Reliability Through Input Validation Analysis and Testing
ISSRE '99 Proceedings of the 10th International Symposium on Software Reliability Engineering
Structural Testing of Web Applications
ISSRE '00 Proceedings of the 11th International Symposium on Software Reliability Engineering
IEEE Transactions on Software Engineering
Bypass Testing of Web Applications
ISSRE '04 Proceedings of the 15th International Symposium on Software Reliability Engineering
Automated verification and test case generation for input validation
Proceedings of the 2006 international workshop on Automation of software test
Experimental program analysis: a new program analysis paradigm
Proceedings of the 2006 international symposium on Software testing and analysis
An Automatic Generator for Compiler Testing
IEEE Transactions on Software Engineering
Coverage criteria for testing of object interactions in sequence diagrams
FASE'05 Proceedings of the 8th international conference, held as part of the joint European Conference on Theory and Practice of Software conference on Fundamental Approaches to Software Engineering
An approach for the maintenance of input validation
Information and Software Technology
Covering code behavior on input validation in functional testing
Information and Software Technology
Can we evaluate the quality of software engineering experiments?
Proceedings of the 2010 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement
Checking enforcement of integrity constraints in database applications based on code patterns
Journal of Systems and Software
Automated removal of cross site scripting vulnerabilities in web applications
Information and Software Technology
Information and Software Technology
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
| Hi-index | 0.00 |
Input validation is essential and critical in Web applications. It is the enforcement of constraints that any input must satisfy before it is accepted to raise external effects. We have discovered some empirical properties for characterizing input validation in Web applications. In this paper, we propose an approach for automated recovery of input validation model from program source code. The model recovered is represented in a variant of control flow graph, called validation flow graph, which shows essential input validation features implemented in programs. Based on the model, we then formulate two coverage criteria for testing input validation. The two criteria can be used to guide the structural testing of input validation in Web applications. We have evaluated the proposed approach through case studies and experiments.