Relational Constraint Driven Test Case Synthesis for Web Applications

Xiang Fu

This paper proposes a relational constraint driven technique that synthesizes test cases automatically for web applications. Using a static analysis, servlets can be modeled as relational transducers, which manipulate backend databases. We present a synthesis algorithm that generates a sequence of HTTP requests for simulating a user session. The algorithm relies on backward symbolic image computation for reaching a certain database state, given a code coverage objective. With a slight adaptation, the technique can be used for discovering workflow attacks on web applications.

In Gwen Salaün, Xiang Fu and Sylvain Hallé : Proceedings Fourth International Workshop on Testing, Analysis and Verification of Web Software (TAV-WEB 2010), Antwerp, Belgium, 21 September 2010, Electronic Proceedings in Theoretical Computer Science 35, pp. 39–50.
Published: 17th September 2010.

ArXived at: https://dx.doi.org/10.4204/EPTCS.35.4 bibtex PDF

Comments and questions to: eptcs@eptcs.org
For website issues: webmaster@eptcs.org