Web software applications are increasingly being deployed in sensitive situations. Web applications are used to transmit, accept and store data that is personal, company confidential and sensitive. Input validation testing (IVT) checks user inputs to ensure that they conform to the program's requirements, which is particularly important for software that relies on user inputs, including Web applications. A common technique in Web applications is to perform input validation on the client with scripting languages such as JavaScript. An insidious problem with client-side input validation is that end users can bypass this validation. Bypassing validation can cause failures in the software, and can also break the security on Web applications, leading to unauthorized access to data, system failures, invalid purchases and entry of bogus data. We are developing a strategy called bypass testing to create client-side tests for Web applications that intentionally violate explicit and implicit checks on user inputs. This paper describes the strategy, defines specific rules and adequacy criteria for tests, describes a proof-of-concept automated tool, and presents initial empirical results from applying bypass testing.