User-input validation (UIV) is the first barricade that protects web applications from application-level attacks. Most UIV test tools cannot detect semantics-related vulnerabilities in validators, for example those exposed by entering a five-digit number into a field that accepts a year. To address this issue, we propose a new approach that generates test inputs for UIV based on the analysis of client-side information. In particular, we use input-field information to generate valid inputs, and then perturb the valid inputs to generate invalid test inputs. We conducted an empirical study to evaluate our approach. The empirical results show that our approach is more effective than existing vulnerability scanners in finding semantics-related vulnerabilities of UIV for web applications.
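The generate-then-perturb idea described above can be sketched as follows. This is an added example, not code from the paper: the field description, the perturbation set and both validators are hypothetical, constructed here to show how a purely syntactic validator lets semantically invalid values through.

```python
# Constructed field description, as it might be read from a form's HTML
# attributes (hypothetical names; not from the paper).
YEAR_FIELD = {"name": "year", "type": "number", "min": 1900, "max": 2099,
              "maxlength": 4, "required": True}


def valid_input(field):
    """Pick a value that satisfies every declared constraint."""
    return str((field["min"] + field["max"]) // 2)


def perturb(field, valid):
    """Return (label, value) pairs, each breaking one constraint of `field`."""
    cases = [
        ("below_min", str(field["min"] - 1)),
        ("above_max", str(field["max"] + 1)),
        ("too_long", valid + "0"),           # e.g. a five-digit "year"
        ("non_numeric", valid[:-1] + "x"),
        ("negative", "-" + valid),
    ]
    if field.get("required"):
        cases.append(("empty", ""))
    return cases


def weak_validator(value):
    """Syntactic check only: any non-empty digit string passes."""
    return value.isdigit()


def strict_validator(value, field=YEAR_FIELD):
    """Checks syntax, length and the semantic range of the field."""
    return (value.isascii() and value.isdigit()
            and len(value) <= field["maxlength"]
            and field["min"] <= int(value) <= field["max"])


def wrongly_accepted(validator, field):
    """Labels of invalid inputs the validator accepts (validation gaps)."""
    valid = valid_input(field)
    assert validator(valid), "validator rejects a valid input"
    return [label for label, value in perturb(field, valid) if validator(value)]


if __name__ == "__main__":
    print("weak:  ", wrongly_accepted(weak_validator, YEAR_FIELD))
    print("strict:", wrongly_accepted(strict_validator, YEAR_FIELD))
```

Each label the weak validator leaves in the list marks a constraint the server-side check should enforce but does not.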