{"title":"Web Application Model Recovery for User Input Validation Testing","authors":"Nuo Li, Maozhong Jin, Chao Liu","doi":"10.1109/ICSEA.2007.86","DOIUrl":null,"url":null,"abstract":"The invalidated input is one of the most critical web application security flaws. However, testing the user input validation function is an intellectual and labor intensive task. We are developing a model driven framework to help testers to accomplish this job in visual view with guidance. This paper reports our on-going work. A meta-model of Web application for user input validation testing is defined. Based on the meta-model, by analyzing HTML files, a light weight method is given to create the model. Our evaluation shows that the proposed method can comprehensively model Web applications, and accurately identify the purpose of input points, which are very important for the test case generation in the future.","PeriodicalId":395851,"journal":{"name":"International Conference on Software Engineering Advances (ICSEA 2007)","volume":"193 ","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Conference on Software Engineering Advances (ICSEA 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSEA.2007.86","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Web Application Model Recovery for User Input Validation Testing
The invalidated input is one of the most critical web application security flaws. However, testing the user input validation function is an intellectual and labor-intensive task. We are developing a model-driven framework to help testers accomplish this job in a visual view with guidance. This paper reports our ongoing work. A meta-model of Web applications for user input validation testing is defined. Based on the meta-model, a lightweight method is given to create the model by analyzing HTML files. Our evaluation shows that the proposed method can comprehensively model Web applications and accurately identify the purpose of input points, which are very important for test case generation in the future.