Reverse Engineering: Methodologies for Web Applications

The Reverse Engineering of Web Applications is a complex problem, due to the variety of languages and technologies that are contemporary used to realize them. Indeed, the benefits that can be obtained are remarkable: the presence of documentation at different abstraction levels will help the execution of maintenance interventions, migration and reengineering processes, reducing their costs and risks and improving their effectiveness. Moreover, the assessment of the maintainability factor of a Web Application is an important support to decision making processes. Business processes are often implemented by mean of software systems which expose them to the user as an externally accessible Web application. This paper describes a methodologies for recovering business processes by dynamic analysis of the Web applications which ex-pose them

Reverse engineering of web applications

The MAP-i Doctoral Program of the Universities of Minho, Aveiro and PortoEven so many years after its genesis, the Internet is still growing. Not only are the users increasing, so are the number of different programming languages or frameworks for building Web applications. However, this plethora of technologies makes Web applications’ source code hard to comprehend and understand, thus deteriorating both their debugging and their maintenance costs. In this context, a number of proposals have been put forward to solve this problem. While, on one hand, there are techniques that analyze the entire source code of Web applications, the diversity of available implementation technology makes these techniques return unsatisfactory results. On the other hand, there are also techniques that dynamically (but blindly) explore the applications by running them and analyzing the results of randomly exploring them. In this case the results are better, but there is always the chance that some part of the application might be left unexplored. This thesis investigates if an hybrid approach combining static analysis and dynamic exploration of the user interface can provide better results. FREIA, a framework developed in the context of this thesis, is capable of analyzing Web applications automatically, deriving structural and behavioral interface models from them.Mesmo decorridos tantos anos desde a sua génese, a Internet continua a crescer. Este crescimento aplica-se não só ao número de utilizadores como também ao número de diferentes linguagens de programação e frameworks utilizadas para a construção de aplicações Web. No entanto, esta pletora de tecnologias leva a que o código fonte das aplicações Web seja difícil de compreender e analisar, deteriorando tanto o seu depuramento como os seus custos de manutenção. Neste contexto, foram desenvolvidas algumas propostas com intuito de resolver este problema. Não obstante, por um lado, existirem técnicas que analisam a totalidade do código fonte das aplicações Web, a diversidade das tecnologias de implementação existentes fazem com que estas técnicas gerem resultados insatisfatórios. Por outro lado, existem também técnicas que, dinamicamente (apesar de cegamente), exploram as aplicações, executando-as e analisando os resultados da sua exploração aleatória. Neste caso, os resultados são melhores, mas corremos o risco de ter deixado alguma parte da aplicação por explorar. Esta tese investiga se uma abordagem híbrida, combinando a análise estática com a exploração dinâmica da interface do utilizador consegue produzir melhores resultados. FREIA, uma framework desenvolvida no contexto desta tese é capaz de, automaticamente, analisar aplicações Web, derivando modelos estruturais e comportamentais da interface das mesmas.Esta investigação foi financiada pela Fundação para a Ciência e Tecnologia através da concessão de uma bolsa de doutoramento (SFRH/BD/71136/2010) no âmbito do Programa Operacional Potencial Humano (POPH), comparticipado pelo Fundo Social Europeu e por fundos nacionais do QREN

IFML-based Model-Driven Front-End Modernization

Since late 90’s the use of web application frameworks has been the default choice to develop software applications inside the web domain. In parallel, Model Driven Web Engineering approaches have been defined and successfully applied to reduce the effort of web application development and reuse, fostering the independence of the implementation technology. A direct result of the success of these approaches is the elaboration of the Interaction Flow Modeling Language (IFML) as an Object Management Group (OMG) standard. However, the real fact is that there is a huge amount of legacy web systems that were developed before MDWE approaches were mainstream. The work presented herein tries to leverage IFML to modernize the front-ends of framework-based legacy web applications. In concrete, a systematic model driven reverse engineering process to generate an IFML representation from such applications is presented

Reverse Engineering and Testing of Rich Internet Applications

The World Wide Web experiences a continuous and constant evolution, where new initiatives, standards, approaches and technologies are continuously proposed for developing more effective and higher quality Web applications. To satisfy the growing request of the market for Web applications, new technologies, frameworks, tools and environments that allow to develop Web and mobile applications with the least effort and in very short time have been introduced in the last years. These new technologies have made possible the dawn of a new generation of Web applications, named Rich Internet Applications (RIAs), that offer greater usability and interactivity than traditional ones. This evolution has been accompanied by some drawbacks that are mostly due to the lack of applying well-known software engineering practices and approaches. As a consequence, new research questions and challenges have emerged in the field of web and mobile applications maintenance and testing. The research activity described in this thesis has addressed some of these topics with the specific aim of proposing new and effective solutions to the problems of modelling, reverse engineering, comprehending, re-documenting and testing existing RIAs. Due to the growing relevance of mobile applications in the renewed Web scenarios, the problem of testing mobile applications developed for the Android operating system has been addressed too, in an attempt of exploring and proposing new techniques of testing automation for these type of applications

Reverse engineering in software requirements in web applications using a LEL

This document explores and describes the state of the art of Reverse Engineering in the specification of Software Requirements for web applications using an LEL (Language Extended Lexicon). A review of the scientific literature on this topic was carried out with the aim of investigating how the application of Reverse Engineering in the specification of software requirements would improve their quality, with the support of the creation of a tool for web augmentation, that is, a web extension that allows creating a glossary of terms or LEL of web applications, this with the purpose of knowing their operation for maintenance and improvement purposes.Facultad de Informátic

Combining static and dynamic analysis for the reverse engineering of web applications

Software has become so complex that it is increasingly hard to have a complete understanding of how a particular system will behave. Web applications, their user interfaces in particular, are built with a wide variety of technologies making them particularly hard to debug and maintain. Reverse engineering techniques, either through static analysis of the code or dynamic analysis of the running application, can be used to help gain this understanding. Each type of technique has its limitations. With static analysis it is difficult to have good coverage of highly dynamic applications, while dynamic analysis faces problems with guaranteeing that generated models fully capture the behavior of the system. This paper proposes a new hybrid approach for the reverse engineering of web applications' user interfaces. The approach combines dynamic analyzes of the application at runtime, with static analyzes of the source code of the event handlers found during interaction. Information derived from the source code is both directly added to the generated models, and used to guide the dynamic analysis.This work is funded by ERDF - European Regional Development Fund through the COMPETE Programme (operational programme for competitiveness) and by National Funds through the FCT - Fundação para a Ciência e a Tecnologia (Portuguese Foundation for Science and Technology) within project FCOMP-01-0124-FEDER-015095. Carlos Eduardo Silva is further funded by the Portuguese Government through FCT, grant SFRH/BD/71136/2010

Feature Detection in Ajax-enabled Web Applications

Abstract-In this paper we propose a method for reverse engineering the features of Ajax-enabled web applications. The method first collects instances of the DOM trees underlying the application web pages, using a state-of-the-art crawling framework. Then, it clusters these instances into groups, corresponding to distinct features of the application. The contribution of this paper lies in the novel DOM-tree similarity metric of the clustering step, which makes a distinction between simple and composite structural changes. We have evaluated our method on three real web applications. In all three cases, the proposed distance metric leads to a number of clusters that is closer to the actual number of features and classifies web page instances into these feature-specific clusters more accurately than other traditional distance metrics. We therefore conclude that it is a reliable distance metric for reverse engineering the features of Ajax-enabled web applications