Society's increasing reliance on services provided by web applications places a high demand on their reliability. The flow of control through web applications heavily depends on user inputs and interactions, so user inputs should be thoroughly validated before being passed to the back-end software. Although several techniques are used to validate inputs on the client, users can easily bypass this validation and submit arbitrary data to the server. This can cause unexpected behavior, and even allow unauthorized access. A test technique called bypass testing intentionally sends invalid data to the server by bypassing client-side validation. This paper reports results from a comprehensive case study on 16 deployed, widely used, commercial web applications. As part of this project, the theory behind bypass testing was extended and an automated tool, AutoBypass, was built. The case study found failures in 14 of the 16 web applications tested, some significant. This study gives evidence that bypass testing is effective, has positive return on investment, and scales to real applications.