309,001 research outputs found

    Comparative analysis for performance measurements of software testing between mobile applications and web applications

    Software testing has an important role in software engineering, and is fundamental to Software Quality Assurance (SQA). Besides the popularity of web applications, mobile applications have gained paralleled advancement despite increasing complexity. On one hand, this issue reflects the rising concerns for ensuring performance both of web and mobile applications. On the other hand, a comparative analysis of software testing issues between web and mobile applications has not been completed. Thus, this study aims to employ an effective testing approach that is able to adapt to both web and mobile application testing to detect possible failures. To achieve this, UML activity diagrams were developed from four case studies for web and mobile applications to describe the behaviour of those applications. Test cases were then generated by using the MBT technique from the developed UML activity diagrams. Performance measurements Hits per Second, Throughput and Memory Utilization for each case study were evaluated by execution of test cases that were generated by using HP LoadRunner 12.02 tool. Finally, the MSE of performance measurements was compared and analysed among the four case studies. The experimental results showed that the disparity between the mobile applications and web applications was obvious. Based on the comparison analysis for software testing of mobile applications versus web applications, the web applications were lesser than mobile applications for software testing of four case studies in terms of each of the Hits per Second, Throughput and Memory Utilization. Consequently, mobile applications need more attention in the testing process.

    A Test Suite Generator For Struts Based Applications

    Testing web-based enterprise applications requires the use of automated testing frameworks. The testing framework's ability to run suites of test cases through development ensures enhancements work as required and have not caused defects in previously developed sub systems. Open source testing frameworks like JUnit and Cactus have addressed the requirements to test web-based enterprise applications, however they do not address the generation of test cases based on direct analysis of the code under test. This paper presents a tool to generate test cases for web-based enterprise applications. The generator focuses on creating test cases used to test applications built on the Struts MVC framework for the J2EE platform. Using the Struts configuration files, test cases are generated to test each request path and response. The created test cases take advantage of the StrutsTestCase library and run using the JUnit and Cactus frameworks. The generated test cases follow a consistent pattern for the test cases and reduce the time required to build the automated testing for the application.

    Structural Learning of Attack Vectors for Generating Mutated XSS Attacks

    Web applications suffer from cross-site scripting (XSS) attacks that result from incomplete or incorrect input sanitization. Learning the structure of attack vectors could enrich the variety of manifestations in generated XSS attacks. In this study, we focus on generating more threatening XSS attacks for the state-of-the-art detection approaches that can find potential XSS vulnerabilities in Web applications, and propose a mechanism for structural learning of attack vectors with the aim of generating mutated XSS attacks in a fully automatic way. Mutated XSS attack generation depends on the analysis of attack vectors and the structural learning mechanism. For the kernel of the learning mechanism, we use a Hidden Markov model (HMM) as the structure of the attack vector model to capture the implicit manner of the attack vector, and this manner is benefited from the syntax meanings that are labeled by the proposed tokenizing mechanism. Bayes theorem is used to determine the number of hidden states in the model for generalizing the structure model. The paper has the contributions as following: (1) automatically learn the structure of attack vectors from practical data analysis to modeling a structure model of attack vectors, (2) mimic the manners and the elements of attack vectors to extend the ability of testing tool for identifying XSS vulnerabilities, (3) be helpful to verify the flaws of blacklist sanitization procedures of Web applications. We evaluated the proposed mechanism by Burp Intruder with a dataset collected from public XSS archives. The results show that mutated XSS attack generation can identify potential vulnerabilities. Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330

    Automated server-side model for recognition of security vulnerabilities in scripting languages

    With the increase of global accessibility of web applications, maintaining a reasonable security level for both user data and server resources has become an extremely challenging issue. Therefore, static code analysis systems can help web developers to reduce time and cost. In this paper, a new static analysis model is proposed. This model is designed to discover the security problems in scripting languages. The proposed model is implemented in a prototype SCAT, which is a static code analysis Tool. SCAT applies the phases of the proposed model to catch security vulnerabilities in PHP 5.3. Empirical results attest that the proposed prototype is feasible and is able to contribute to the security of real-world web applications. SCAT managed to detect 94% of security vulnerabilities found in the testing benchmarks; this clearly indicates that the proposed model is able to provide an effective solution to complicated web systems by offering benefits of securing private data for users and maintaining web application stability for web applications providers.