Toward Security Test Automation for Event Driven GUI Web Contents

Full Text (PDF, 181KB), PP.19-25


Author(s)

Izzat Alsmadi 1,*, Ahmed AlEroud 2

1. Department of Computer Information System, Yarmouk University, Irbid 21163, JORDAN

2. Department of Information Systems, University of Maryland, Baltimore County (UMBC) 1000 Hilltop Circle, Baltimore, MD 21250, USA

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2012.06.03

Received: 23 Sep. 2011 / Revised: 29 Dec. 2011 / Accepted: 27 Feb. 2012 / Published: 8 Jun. 2012

Index Terms

Web Testing, Test Automation, Security Testing, Coverage Metrics

Abstract

Web applications have recently come to account for a large percentage of software products. The evolving nature of web applications poses a serious challenge for testing, given the dynamic nature of the current web. More precisely, testing both blocked contents and AJAX interfaces might create new challenges in terms of test coverage and completeness. In this paper, we propose enhancements and extensions to current test automation activities. In the proposed framework, user interaction with AJAX interfaces is used to collect DOM violation states. Blocked content is accessed through multiple form submissions with dynamic contents, and in each iteration the vulnerability events databases are modified. Next, the test cases database of possible vulnerable inputs for both AJAX and blocked contents is built. Finally, coverage is assessed after executing those test cases, based on several possible coverage aspects.

Cite This Paper

Izzat Alsmadi, Ahmed AlEroud, "Toward Security Test Automation for Event Driven GUI Web Contents", International Journal of Computer Network and Information Security (IJCNIS), vol. 4, no. 6, pp. 19-25, 2012. DOI: 10.5815/ijcnis.2012.06.03
