As web applications become more widespread, sophisticated, and complex, automated quality assurance techniques for such applications have grown in importance. Accurate interface identification is fundamental for many of these techniques, as the components of a web application communicate extensively via implicitly-defined interfaces to generate customized and dynamic content. However, current techniques for identifying web application interfaces can be incomplete or imprecise, which hinders the effectiveness of quality assurance techniques. To address these limitations, we present a new approach for identifying web application interfaces that is based on a specialized form of symbolic execution. In our empirical evaluation, we show that the set of interfaces identified by our approach is more accurate than those identified by other approaches. We also show that this increased accuracy leads to improvements in several important quality assurance techniques for web applications: test-input generation, penetration testing, and invocation verification.