Relational Constraint Driven Test Case Synthesis for Web Applications

This paper proposes a relational constraint driven technique that synthesizes test cases automatically for web applications. Using a static analysis, servlets can be modeled as relational transducers, which manipulate backend databases. We present a synthesis algorithm that generates a sequence of HTTP requests for simulating a user session. The algorithm relies on backward symbolic image computation for reaching a certain database state, given a code coverage objective. With a slight adaptation, the technique can be used for discovering workflow attacks on web applications.Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330

Dependability of IT Systems in Emergency Situations – Theory and Practice

As our dependence on IT systems increases, evaluating the dependability of critical IT systems becomes more important. One of the main challenges in software reliability engineering is the sensitivity of software systems to a changing usage. This is especially important for systems that are critical in the aftermath of a crisis and for which reliability is the most important aspect of dependability. The crisis might change the usage of the system, and this could have a negative effect on the reliability. Because crisis situations are typically rare events, both the reliability and the criticality of IT systems after a crisis situation are hard to predict. The first part of this thesis focuses on the analysis of the sensitivity of the reliability of IT systems to changes in their usage. With the help of statistical methods the effects of changing usage profiles, modelled through the use of Markov models, can be examined. After a theoretical derivation of the properties of different models for the usage of software systems, the results were validated by applying the models to the data collected from the logfiles of a webserver. Swedish municipalities also depend more and more on IT systems for their daily work. Because of their important role in the relief coordination after a crisis, the dependability of their IT systems during these emergency situations is especially critical. The evaluation of this dependability requires the combination of two kinds of information: how critically needed the IT systems are in the aftermath of a crisis and how trustworthy the critical systems are. To avoid that a failing IT system disturbs the relief work, risk and vulnerability analyses need to take into account the dependability of critical IT systems. This way, municipalities can make sure that the relief work is not critically dependent on systems that are not sufficiently reliable. The second part of this thesis describes a case study on how two Swedish municipalities deal with these issues. The study focuses especially on the division of responsibilities in the municipalities and on their current methods. The study shows that today there is much room for improvement, especially in the communication between IT personnel and emergency managers. The main goal of these case studies is to form a basis for the development of practical methods that can assist Swedish municipalities in evaluating the dependability of their IT systems and integration of this information in their emergency planning in the near future

A scalable approach to user-session based testing of web applications through concept analysis

The continuous use of the web for daily operations by businesses, consumers, and government has created a great demand for reliable web applications. One promising approach to testing the functionality of web applications leverages user session data collected by web servers. This approach automatically generates test cases based on real user profiles. The key contribution of this paper is the application of concept analysis for clustering user sessions for test suite reduction. Existing incremental concept analysis algorithms can be exploited to avoid collecting large user session data sets and thus provide scalability. We have completely automated the process from user session collection and reduction through replay. Our incremental test suite update algorithm coupled with our experimental study indicate that concept analysis provides a promising means for incrementally updating reduced test suites in response to newly captured user sessions, with some loss in fault detection capability and practically no coverage loss. 1

Software Usage Data Visualization

This thesis aims at investigating the adequacy of the Unified Model for Software Engineering Data and its technical framework for developing visualizations of software usage data. Two visual notations were developed using the aforementioned framework and its visualization templates. The data source was provided by logs of the software Kactus2 that had been previously collected. The two visualizations were evaluated both on a semantic level with an ontological analysis (based on the BWW-model), and on a syntactic level with the Physics of Notations. They were also presented to developers of Kactus2 for an additional assessment of their usability and usefulness. The results indicate that the data model and framework are indeed adequate for visualizing complex usage data from Kactus2. Furthermore, the visualizations appear to be both easy to understand and useful (in the sense that they provide insight to the usage of the software) by the developers. Based on these results, we argue that software visualizations of usage data in general - and in particular using the Unified Model for Software Engineering Data - should be studied and developed further as they may help improve software engineering products and processes

Reverse Engineering and Testing of Rich Internet Applications

The World Wide Web experiences a continuous and constant evolution, where new initiatives, standards, approaches and technologies are continuously proposed for developing more effective and higher quality Web applications. To satisfy the growing request of the market for Web applications, new technologies, frameworks, tools and environments that allow to develop Web and mobile applications with the least effort and in very short time have been introduced in the last years. These new technologies have made possible the dawn of a new generation of Web applications, named Rich Internet Applications (RIAs), that offer greater usability and interactivity than traditional ones. This evolution has been accompanied by some drawbacks that are mostly due to the lack of applying well-known software engineering practices and approaches. As a consequence, new research questions and challenges have emerged in the field of web and mobile applications maintenance and testing. The research activity described in this thesis has addressed some of these topics with the specific aim of proposing new and effective solutions to the problems of modelling, reverse engineering, comprehending, re-documenting and testing existing RIAs. Due to the growing relevance of mobile applications in the renewed Web scenarios, the problem of testing mobile applications developed for the Android operating system has been addressed too, in an attempt of exploring and proposing new techniques of testing automation for these type of applications