A Review on Web Application Testing and its Current Research Directions

Testing is an important part of every software development process on which companies devote considerable time and effort. The burgeoning web applications and their proliferating economic significance in the society made the area of web application testing an area of acute importance. The web applications generally tend to take faster and quicker release cycles making their testing very challenging. The main issues in testing are cost efficiency and bug detection efficiency. Coverage-based   testing is the process of ensuring exercise of specific program elements. Coverage measurement helps determine the “thoroughness” of testing achieved. An avalanche of tools, techniques, frameworks came into existence to ascertain the quality of web applications.  A comparative study of some of the prominent tools, techniques and models for web application testing is presented. This work highlights the current research directions of some of the web application testing techniques

Ernst Denert Award for Software Engineering 2020

This open access book provides an overview of the dissertations of the eleven nominees for the Ernst Denert Award for Software Engineering in 2020. The prize, kindly sponsored by the Gerlind & Ernst Denert Stiftung, is awarded for excellent work within the discipline of Software Engineering, which includes methods, tools and procedures for better and efficient development of high quality software. An essential requirement for the nominated work is its applicability and usability in industrial practice. The book contains eleven papers that describe the works by Jonathan Brachthäuser (EPFL Lausanne) entitled What You See Is What You Get: Practical Effect Handlers in Capability-Passing Style, Mojdeh Golagha’s (Fortiss, Munich) thesis How to Effectively Reduce Failure Analysis Time?, Nikolay Harutyunyan’s (FAU Erlangen-Nürnberg) work on Open Source Software Governance, Dominic Henze’s (TU Munich) research about Dynamically Scalable Fog Architectures, Anne Hess’s (Fraunhofer IESE, Kaiserslautern) work on Crossing Disciplinary Borders to Improve Requirements Communication, Istvan Koren’s (RWTH Aachen U) thesis DevOpsUse: A Community-Oriented Methodology for Societal Software Engineering, Yannic Noller’s (NU Singapore) work on Hybrid Differential Software Testing, Dominic Steinhofel’s (TU Darmstadt) thesis entitled Ever Change a Running System: Structured Software Reengineering Using Automatically Proven-Correct Transformation Rules, Peter Wägemann’s (FAU Erlangen-Nürnberg) work Static Worst-Case Analyses and Their Validation Techniques for Safety-Critical Systems, Michael von Wenckstern’s (RWTH Aachen U) research on Improving the Model-Based Systems Engineering Process, and Franz Zieris’s (FU Berlin) thesis on Understanding How Pair Programming Actually Works in Industry: Mechanisms, Patterns, and Dynamics – which actually won the award. The chapters describe key findings of the respective works, show their relevance and applicability to practice and industrial software engineering projects, and provide additional information and findings that have only been discovered afterwards, e.g. when applying the results in industry. This way, the book is not only interesting to other researchers, but also to industrial software professionals who would like to learn about the application of state-of-the-art methods in their daily work

Ernst Denert Award for Software Engineering 2020

This open access book provides an overview of the dissertations of the eleven nominees for the Ernst Denert Award for Software Engineering in 2020. The prize, kindly sponsored by the Gerlind & Ernst Denert Stiftung, is awarded for excellent work within the discipline of Software Engineering, which includes methods, tools and procedures for better and efficient development of high quality software. An essential requirement for the nominated work is its applicability and usability in industrial practice. The book contains eleven papers that describe the works by Jonathan Brachthäuser (EPFL Lausanne) entitled What You See Is What You Get: Practical Effect Handlers in Capability-Passing Style, Mojdeh Golagha’s (Fortiss, Munich) thesis How to Effectively Reduce Failure Analysis Time?, Nikolay Harutyunyan’s (FAU Erlangen-Nürnberg) work on Open Source Software Governance, Dominic Henze’s (TU Munich) research about Dynamically Scalable Fog Architectures, Anne Hess’s (Fraunhofer IESE, Kaiserslautern) work on Crossing Disciplinary Borders to Improve Requirements Communication, Istvan Koren’s (RWTH Aachen U) thesis DevOpsUse: A Community-Oriented Methodology for Societal Software Engineering, Yannic Noller’s (NU Singapore) work on Hybrid Differential Software Testing, Dominic Steinhofel’s (TU Darmstadt) thesis entitled Ever Change a Running System: Structured Software Reengineering Using Automatically Proven-Correct Transformation Rules, Peter Wägemann’s (FAU Erlangen-Nürnberg) work Static Worst-Case Analyses and Their Validation Techniques for Safety-Critical Systems, Michael von Wenckstern’s (RWTH Aachen U) research on Improving the Model-Based Systems Engineering Process, and Franz Zieris’s (FU Berlin) thesis on Understanding How Pair Programming Actually Works in Industry: Mechanisms, Patterns, and Dynamics – which actually won the award. The chapters describe key findings of the respective works, show their relevance and applicability to practice and industrial software engineering projects, and provide additional information and findings that have only been discovered afterwards, e.g. when applying the results in industry. This way, the book is not only interesting to other researchers, but also to industrial software professionals who would like to learn about the application of state-of-the-art methods in their daily work

Fundamental Approaches to Software Engineering

This open access book constitutes the proceedings of the 23rd International Conference on Fundamental Approaches to Software Engineering, FASE 2020, which took place in Dublin, Ireland, in April 2020, and was held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2020. The 23 full papers, 1 tool paper and 6 testing competition papers presented in this volume were carefully reviewed and selected from 81 submissions. The papers cover topics such as requirements engineering, software architectures, specification, software quality, validation, verification of functional and non-functional properties, model-driven development and model transformation, software processes, security and software evolution

Program crash analysis : evaluation and application of current methods

After decades of development in computer science, memory corruption bugs still pose a threat to the reliability of software. Automatic crash reporting and fuzz testing are effective ways of gathering information about program bugs. However, these methods can potentially produce thousands of crash dumps, motivating the need for grouping and prioritizing crashes. In addition, the time necessary to analyze the root cause of crashes and to implement a reliable fix in source code should be reduced. This thesis demonstrates how fuzzing can produce a large set of different crashes in a real program. An empirical study explores methods for analyzing these crashes. Automatic bucketing and classification is performed. Call stack based grouping algorithms are compared, and modifications are suggested. Taint analysis is demonstrated as a complementary method to automatic classification based on crash dumps. Dynamic analysis using execution traces is demonstrated as a method for root cause analysis. The empirical study suggests some general results regarding program crash analysis. Crashes should be grouped based on related crash locations and identified similarities in call stacks. A distance algorithm can be used for call stack based grouping and to identify relations between groups. It is suggested that a weighted priority model should be used for prioritizing crashes based on a strategic policy. Some possible metrics are frequency, reliability, severity estimate and relations to already fixed bugs. In order to properly fix a memory corruption bug, the underlying cause should be understood at machine-level. Execution traces with logged operands, differential debugging, Crash Graphs and input analysis might help developers analyze different aspects of memory corruption bugs

Securing the in-vehicle network

Recent research into automotive security has shown that once a single electronic vehicle component is compromised, it is possible to take control of the vehicle. These components, called Electronic Control Units, are embedded systems which manage a significant part of the functionality of a modern car. They communicate with each other via the in-vehicle network, known as the Controller Area Network, which is the most widely used automotive bus. In this thesis, we introduce a series of novel proposals to improve the security of both the Controller Area Network bus and the Electronic Control Units. The Controller Area Network suffers from a number of shortfalls, one of which is the lack of source authentication. We propose a protocol that mitigates this fundamental shortcoming in the Controller Area Network bus design, and protects against a number of high profile media attacks that have been published. We derive a set of desirable security and compatibility properties which an authentication protocol for the Controller Area Network bus should possess. We evaluate our protocol, along with other proposed protocols in the literature, with respect to the defined properties. Our systematic analysis of the protocols allows the automotive industry to make an informed choice regarding the adoption suitability of these solutions. However, it is not only the communication of Electronic Control Units that needs to be secure, but the firmware running on them as well. The growing number of Electronic Control Units in a vehicle, together with their increasing complexity, prompts the need for automated tools to test their security. Part of the challenge in designing such a tool is the diversity of Electronic Control Unit architectures. To this end, this thesis presents a methodology for extracting the Control Flow Graph from the Electronic Control Unit firmware. The Control Flow Graph is a platform independent representation of the firmware control flow, allowing us to abstract from the underlying architecture. We present a fuzzer for Electronic Control Unit firmware fuzz-testing via Controller Area Network. The extracted Control Flow Graph is tagged with static data used in instructions which influence the control flow of the firmware. It is then used to create a set of input seeds for the fuzzer, and in altering the inputs during the fuzzing process. This approach represents a step towards an efficient fuzzing methodology for Electronic Control Units. To our knowledge, this is the first proposal that uses static analysis to guide the fuzzing of Electronic Control Units