408,247 research outputs found
Automated Functional Testing based on the Navigation of Web Applications
Web applications are becoming more and more complex. Testing such
applications is an intricate hard and time-consuming activity. Therefore,
testing is often poorly performed or skipped by practitioners. Test automation
can help to avoid this situation. Hence, this paper presents a novel approach
to perform automated software testing for web applications based on its
navigation. On the one hand, web navigation is the process of traversing a web
application using a browser. On the other hand, functional requirements are
actions that an application must do. Therefore, the evaluation of the correct
navigation of web applications results in the assessment of the specified
functional requirements. The proposed method to perform the automation is done
in four levels: test case generation, test data derivation, test case
execution, and test case reporting. This method is driven by three kinds of
inputs: i) UML models; ii) Selenium scripts; iii) XML files. We have
implemented our approach in an open-source testing framework named Automatic
Testing Platform. The validation of this work has been carried out by means of
a case study, in which the target is a real invoice management system developed
using a model-driven approach.Comment: In Proceedings WWV 2011, arXiv:1108.208
Search based path and input data generation for web application testing
Test case generation for web applications aims at ensuring full coverage of the navigation structure. Existing approaches resort to crawling and manual/random input generation, with or without a preliminary construction of the navigation model. However, crawlers might be unable to reach some parts of the web application and random input generation might not receive enough guidance to produce the inputs needed to cover a given path. In this paper, we take advantage of the navigation structure implicitly specified by developers when they write the page objects used for web testing and we define a novel set of genetic operators that support the joint generation of test inputs and feasible navigation paths. On a case study, our tool Subweb was able to achieve higher coverage of the navigation model than crawling based approaches, thanks to its intrinsic ability of generating inputs for feasible paths and of discarding likely infeasible paths
Session models of navigational behavior of Web applications in EFSM.
While providing better performance, transparency and expressiveness, the main features of the web technologies such as web caching, session and cookies, dynamically generated web pages etc. also make the web applications more complex and error-prone. In this regard, formal verification and specification-based testing play an important role in assessing the correct navigations of the web applications. As the basis for the static analysis or test case generations, the formal models of the web applications should contain information of the navigational behavior comprising the web technologies we are interested in. Here we provide the automated generation of such a model in terms of Extended Finite State Machines from a set of descriptions of the functionality of each individual element of the web applications. The generated model can be used for better quality assurance for web application in formal verification and specification-based testing. We take into account the cookies and dynamic link techniques used in the dynamically generated web pages, as they may have impact on the correct web page navigations. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2005 .C44. Source: Masters Abstracts International, Volume: 44-03, page: 1396. Thesis (M.Sc.)--University of Windsor (Canada), 2005
A meta-model for automatic modeling dynamic web applications
This paper proposes an approach to automatically transform source code of a web application into an abstraction model. A Web Application Program Dependency (WAPD) meta-model is being proposed to store dependency information based on a multi-tiered architecture, corresponding to web application’s behavior. A WebParseTree is used as an intermediate model for the transformation from the source code to the WAPD model. The WebParseTree is a DOM-like tree that consists of statements and dependencies stored information and behavior in the tree. To ensure that the resulting model is valid, it must conform to the defined web application rules. This validation step can be done automatically by a constraint validator using Object Constraint Language (OCL). The WAPD model will be represented as a generic model for web applications which can be used for many purposes such as automatic test case generation and automatic code transformation
Model checking: Correct Web page navigations with browser behavior.
While providing better performance, transparency and expressiveness, the main features of the web technologies such as web caching, session and cookies, dynamically generated web pages etc. may also affect the correct understanding of the web applications running on top of them. From the viewpoint of formal verification and specification-based testing, this suggests that the formal model of the web application we use for static analysis or test case generation should contain the abstract behavior of the underlying web application environment. Here we consider the automated generation of such a model in terms of extended finite state machines from a given abstract description of a web application by incorporating the abstract behavioral model of the web browsers in the presence of session/cookies and dynamically generated web pages. The derived model can serve as the formal basis for both model checking and specification-based testing on the web applications where we take into account the effect of the internal caching mechanism to the correct accessibility of the web pages, which can be quite sensitive to the security of the information they carry. In order to check the correctness of the derived model against required properties, we provide the automated translation of the model into Promela. By applying SPIN on Promela models, we present experimental results on the evaluation of the proposed modeling in terms of scalability.Dept. of Computer Science. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2004 .Z543. Source: Masters Abstracts International, Volume: 43-05, page: 1761. Adviser: Jessica Chen. Thesis (M.Sc.)--University of Windsor (Canada), 2004
Web application testing: Using tree kernels to detect near-duplicate states in automated model inference
Background: In the context of End-to-End testing of web applications , automated exploration techniques (a.k.a. crawling) are widely used to infer state-based models of the site under test. These models, in which states represent features of the web application and transitions represent reachability relationships, can be used for several model-based testing tasks, such as test case generation. However, current exploration techniques often lead to models containing many near-duplicate states, i.e., states representing slightly different pages that are in fact instances of the same feature. This has a negative impact on the subsequent model-based testing tasks, adversely affecting, for example, size, running time, and achieved coverage of generated test suites. Aims: As a web page can be naturally represented by its tree-structured DOM representation, we propose a novel near-duplicate detection technique to improve the model inference of web applications, based on Tree Kernel (TK) functions. TKs are a class of functions that compute similarity between tree-structured objects, largely investigated and successfully applied in the Natural Language Processing domain. Method: To evaluate the capability of the proposed approach in detecting near-duplicate web pages, we conducted preliminary classification experiments on a freely-available massive dataset of about 100k manually annotated web page pairs. We compared the classification performance of the proposed approach with other state-of-the-art near-duplicate detection techniques. Results: Preliminary results show that our approach performs better than state-of-the-art techniques in the near-duplicate detection classification task. Conclusions: These promising results show that TKs can be applied to near-duplicate detection in the context of web application model inference, and motivate further research in this direction to assess the impact of the technique on the quality of the inferred models and on the subsequent application of model-based testing techniques
Improvements of and Extensions to FSMWeb: Testing Mobile Apps
A mobile application is a software program that runs on mobile device. In 2017, 178.1 billion mobile apps downloaded and the number is expected to grow to 258.2 billion app downloads in 2022 [19]. The number of app downloads poses a challenge for mobile application testers to find the right approach to test apps. This dissertation extends the FSMWeb approach for testing web applications [50] to test mobile applications (FSMApp). During the process of analyzing FSMWeb how it could be extended to test Mobile Apps, a number of shortcomings were detected which we improved upon. We discuss these first. We present an approach to generate black-box tests to test fail-safe behavior for web applications. We apply the approach to a large commercial web application. The approach uses a functional (behavioral) model to generate tests. It then determines at which states in the execution of behavioral test failures can occur and what mitigation requirements need to be tested. Mitigation requirements are used to build mitigation models for each failure type. From those mitigation models failure mitigation tests are generated. Next, this dissertation provides an approach for selective black-box model-based fail-safe regression testing for web applications. It classifies existing tests and test requirements as reusable, retestable, and obsolete. Removing reusable test requirements reduces test requirements between 49% to 65% in the case study. The approach also uses partial regeneration for new tests wherever possible. Third, we present the new FSMApp approach to test mobile applications and compare the approach with several other approaches [88, 37]. A number of case studies explore applicability, scalability, effectiveness, and efficiency of FSMApp with other approaches. Future work makes suggestion on how to improve test generation and execution efficiency with FSMApp
Semantics-based Automated Web Testing
We present TAO, a software testing tool performing automated test and oracle
generation based on a semantic approach. TAO entangles grammar-based test
generation with automated semantics evaluation using a denotational semantics
framework. We show how TAO can be incorporated with the Selenium automation
tool for automated web testing, and how TAO can be further extended to support
automated delta debugging, where a failing web test script can be
systematically reduced based on grammar-directed strategies. A real-life
parking website is adopted throughout the paper to demonstrate the effectivity
of our semantics-based web testing approach.Comment: In Proceedings WWV 2015, arXiv:1508.0338
DeepSQLi: Deep Semantic Learning for Testing SQL Injection
Security is unarguably the most serious concern for Web applications, to
which SQL injection (SQLi) attack is one of the most devastating attacks.
Automatically testing SQLi vulnerabilities is of ultimate importance, yet is
unfortunately far from trivial to implement. This is because the existence of a
huge, or potentially infinite, number of variants and semantic possibilities of
SQL leading to SQLi attacks on various Web applications. In this paper, we
propose a deep natural language processing based tool, dubbed DeepSQLi, to
generate test cases for detecting SQLi vulnerabilities. Through adopting deep
learning based neural language model and sequence of words prediction, DeepSQLi
is equipped with the ability to learn the semantic knowledge embedded in SQLi
attacks, allowing it to translate user inputs (or a test case) into a new test
case, which is semantically related and potentially more sophisticated.
Experiments are conducted to compare DeepSQLi with SQLmap, a state-of-the-art
SQLi testing automation tool, on six real-world Web applications that are of
different scales, characteristics and domains. Empirical results demonstrate
the effectiveness and the remarkable superiority of DeepSQLi over SQLmap, such
that more SQLi vulnerabilities can be identified by using a less number of test
cases, whilst running much faster
- …