Rubicon: Bounded Verification of Web Applications
Rubicon is a verifier for web applications. Specifications are written in an embedded domain-specific language and are checked fully automatically. Rubicon is designed to fit with current practices: its language is based on RSpec, a popular testing framework, and its analysis leverages the standard Ruby interpreter to perform symbolic execution (generating verification conditions that are checked by the Alloy Analyzer). Rubicon has been evaluated on five open-source applications; in one, a widely used customer relationship management system, a previously unknown security flaw was revealed.
National Science Foundation (U.S.) (CRI: CRD - Development of Alloy Technology and Materials Grant 0707612)
Symbolic Execution for (Almost) Free: Hijacking an Existing Implementation to Perform Symbolic Execution
Symbolic execution of a language is traditionally achieved by replacing the language's interpreter with an entirely new interpreter. This may be an unnecessary burden, and it is tempting instead to try to use as much of the existing interpreter infrastructure as possible, both for handling aspects of the computation that are not symbolic, and for propagating symbolic ones. This approach was used to implement Rubicon, a bounded verification system for Ruby on Rails web applications, in less than 1000 lines of Ruby code. Rubicon uses symbolic execution to derive verification conditions from Rails applications and an off-the-shelf solver to check them. Despite its small size, Rubicon has been used to find previously unknown bugs in open-source Rails applications. The key idea is to encode symbolic values and operations in a library written in the target language itself, overriding only a small part of the standard interpreter. We formalize this approach, showing that replacing a few key operators with symbolic versions in a standard interpreter gives the same effect as replacing the entire interpreter with a symbolic one.
Improved web page traverse using genetic algorithm
Correct navigational behavior of a web application is essential to its reliability. An effective means of improving our confidence in the correct behavior of a web application is to test it by exploring the possible navigation among the web pages at the client side: the tester carries out the testing by consecutively clicking the hyperlinks along with some possible search parameters and checking whether the returned web pages are as expected. Traditional conformance testing techniques based on graphs can be adopted in this setting to automatically generate suitable test sequences to traverse among client pages. In this thesis, we present an improvement on the T-method for test sequence generation to reduce considerably its length by making use of a genetic algorithm. Our experiments show a 340%-68% saving on the test sequence lengths compared to the direct application of the T-method.
A high-level approach to web content verification
Maintaining web content can be a difficult task, especially if we
consider websites in which many users have permission to change their
content. One example of this type of website is wikis. While on the one hand they allow
rapid dissemination of knowledge, on the other hand they require a great effort
to verify the quality of their content. In this thesis we analyse different
approaches to website modelling, especially for content verification,
where we contribute an extension to the VeriFLog tool to make it more
suitable for content verification in collaborative websites.

Imposing constraints in web site content can be a difficult task, especially when such
content is edited by many different people. One example of such a scenario is open
collaboration web sites such as wikis. There, many different users can add and edit
content. On the one hand we have a way to rapidly disseminate a considerable amount of
knowledge, but on the other hand we need a constant and big effort to ensure high
quality standards. In the thesis we survey different approaches to model and capture
website’s properties and focus on content verification where we can contribute with an
extension of the VeriFLog tool with new features to enhance its application to open
collaboration web sites.