An approach for the maintenance of input validation
Information and Software Technology
Covering code behavior on input validation in functional testing
Information and Software Technology
Event-based input validation using design-by-contract patterns
ISSRE'09 Proceedings of the 20th IEEE international conference on software reliability engineering
Automated removal of cross site scripting vulnerabilities in web applications
Information and Software Technology
Hi-index | 0.00 |
This research addresses the problem of statically analyzing input command syntax as defined in interface and requirements specifications and then generating test cases for dynamic input validation testing. The IVAT (Input Validation Analysis and Testing) technique has been developed, a proof-of-concept tool (MICASA) has been implemented, and a case study validation has been performed. Empirical validation on large-scale industrial software (from the Tomahawk Cruise Missile) shows that as compared with senior, experienced analysts and testers, MICASA found more syntactic requirement specification defects, generated test cases with higher syntactic coverage, and found additional defects. The experienced analysts found more semantic defects than MICASA, and the experienced testers' cases found 7.4 defects per test case as opposed to an average of 4.6 defects found by MICASA test cases. Additionally, the MICASA tool performed at less cost.