An industrial case study of bypass testing on web applications

By Jeff Offutt, Qingxiang Wang and Joann J. Ordille

Abstract

Web applications are interactive programs that are deployed on the world wide web. Their execution is usually controlled very heavily by user choices and user data. This makes them vulnerable to abnormal behavior from invalid inputs as well as security attacks. Thus, web applications invest heavily in validating user inputs according to defined constraints on the values. This work focuses on validation done on the client, which uses two types of technologies: restrictions in HTML form fields and scripts that check values. Unfortunately, users have the ability to subvert or skip client-side validation. Bypass testing has been developed to test the behavior of web applications when client-side validation is skipped. This paper presents results from an industry case study of bypass testing applied to a project fro

Year: 2008
OAI identifier: oai:CiteSeerX.psu:10.1.1.190.754
Provided by: CiteSeerX