Relational Constraint Driven Test Case Synthesis for Web Applications
Xiang Fu

TL;DR
This paper introduces a relational constraint-based method for automatically generating test cases for web applications by modeling servlets as relational transducers and using symbolic analysis to reach specific database states.
Contribution
It presents a novel synthesis algorithm that automates test case generation and can also be adapted for security testing to discover workflow attacks.
Findings
Successfully generates test sequences for web app coverage
Can identify potential security vulnerabilities in workflows
Uses static analysis and symbolic computation for precision
Abstract
This paper proposes a relational constraint driven technique that synthesizes test cases automatically for web applications. Using a static analysis, servlets can be modeled as relational transducers, which manipulate backend databases. We present a synthesis algorithm that generates a sequence of HTTP requests for simulating a user session. The algorithm relies on backward symbolic image computation for reaching a certain database state, given a code coverage objective. With a slight adaptation, the technique can be used for discovering workflow attacks on web applications.
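The backward search described in the abstract, as an added example that is not code from the paper: it replaces the paper's symbolic relational constraints with an explicit set of database facts, so it shows only the shape of the pre-image computation. The servlet names, fact names and the helpers `pre_image`, `synthesize` and `replay` are hypothetical.

```python
from collections import deque
from typing import NamedTuple
class Servlet(NamedTuple):  # constructed toy model: guarded update on DB facts
    name: str
    guard: frozenset    # facts that must be in the DB for the branch to run
    adds: frozenset     # facts the branch inserts
    deletes: frozenset  # facts the branch removes

def S(name, guard=(), adds=(), deletes=()):
    return Servlet(name, frozenset(guard), frozenset(adds), frozenset(deletes))

SERVLETS = [  # hypothetical shop application, not taken from the paper
    S("register", adds={"user_row"}),
    S("login", guard={"user_row"}, adds={"session_row"}),
    S("add_to_cart", guard={"session_row"}, adds={"cart_row"}),
    S("checkout", guard={"session_row", "cart_row"}, adds={"order_row"}, deletes={"cart_row"}),
    S("logout", guard={"session_row"}, deletes={"session_row"}),
]

def pre_image(goal, s):
    """Backward image: facts needed before s so that goal holds after s, else None."""
    if goal & s.deletes or not goal & s.adds:
        return None  # s destroys part of the goal, or contributes nothing to it
    return (goal - s.adds) | s.guard

def synthesize(target, initial=frozenset(), servlets=SERVLETS):
    """Breadth-first backward search; returns the request sequence covering target."""
    start = next(s for s in servlets if s.name == target).guard
    queue, seen = deque([(start, [target])]), {start}
    while queue:
        goal, suffix = queue.popleft()
        if goal <= initial:  # required facts already hold in the initial DB
            return suffix
        for s in servlets:
            pre = pre_image(goal, s)
            if pre is not None and pre not in seen:
                seen.add(pre)
                queue.append((pre, [s.name] + suffix))
    return None  # coverage objective unreachable in this model

def replay(seq, initial=frozenset(), servlets=SERVLETS):
    """Forward check: apply each request; return final DB, or None if a guard fails."""
    by_name, db = {s.name: s for s in servlets}, set(initial)
    for name in seq:
        s = by_name[name]
        if not s.guard <= db:
            return None
        db = (db - s.deletes) | s.adds
    return db
```

Replaying the synthesized sequence forward confirms that every guard on the path is satisfied, which is the check a test harness would make before issuing the HTTP requests.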
Taxonomy
Topics: Software Testing and Debugging Techniques · Web Application Security Vulnerabilities · Software System Performance and Reliability
