This preview shows pages 1–2. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: Precise Interface Identification to Improve Testing and Analysis of Web Applications William G.J. Halfond, Saswat Anand, and Alessandro Orso Georgia Institute of Technology Atlanta, GA, USA [email protected] ABSTRACT As web applications become more widespread, sophisticated, and complex, automated quality assurance techniques for such applications have grown in importance. Accurate in- terface identification is fundamental for many of these tech- niques, as the components of a web application communicate extensively via implicitly-defined interfaces to generate cus- tomized and dynamic content. However, current techniques for identifying web application interfaces can be incomplete or imprecise, which hinders the effectiveness of quality assur- ance techniques. To address these limitations, we present a new approach for identifying web application interfaces that is based on a specialized form of symbolic execution. In our empirical evaluation, we show that the set of interfaces iden- tified by our approach is more accurate than those identified by other approaches. We also show that this increased ac- curacy leads to improvements in several important quality assurance techniques for web applications: test-input gener- ation, penetration testing, and invocation verification. Categories and Subject Descriptors : D.2.5 [Software Engineering]: Testing and Debugging; General Terms : Algorithms, Experimentation, Reliability, Verification Keywords : Web application testing, interface identifica- tion 1. INTRODUCTION The importance of automated quality assurance techniques for web applications has grown with these applications’ in- creased complexity and sophistication. As users come to expect integrated content and a personalized web experi- ence, developers respond by building web applications that can generate dynamic and customized content. Behind the scenes, the components of a dynamic web application com- municate extensively via their interfaces to generate this dy- namic content. This makes accurate interface identification an important part of many quality assurance techniques for Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. ISSTA’09, July 19–23, 2009, Chicago, Illinois, USA. Copyright 2009 ACM 978-1-60558-338-9/09/07 ...$5.00. web applications, such as test-input generation, penetration testing, and invocation verification....
View Full Document
This note was uploaded on 12/06/2009 for the course CIS 672 taught by Professor Taufer during the Fall '06 term at Georgia Institute of Technology.
- Fall '06