Web Application Model Recovery for User Input Validation Testing

Abstract

The invalidated input is one of the most critical web application security flaws. However, testing the user input validation function is an intellectual and labor intensive task. We are developing a model driven framework to help testers to accomplish this job in visual view with guidance. This paper reports our on-going work. A meta-model of Web application for user input validation testing is defined. Based on the meta-model, by analyzing HTML files, a light weight method is given to create the model. Our evaluation shows that the proposed method can comprehensively model Web applications, and accurately identify the purpose of input points, which are very important for the test case generation in the future.