
Automatic generation of valid and invalid test data for string validation routines using web searches and regular expressions

Muzammil Shahbaz, Phil McMinn, Mark Stevenson
2015 Science of Computer Programming  
It then performs further web searches for strings that match the regular expressions, producing examples of test cases that are both valid and realistic.  ...  Following this, our technique mutates the regular expressions to drive the search for invalid strings, and the production of test inputs that should be rejected by the validation routine.  ...  Acknowledgements This work was funded by the EPSRC project RE-COST (REducing the Cost of Oracles for Software Testing, grant no. EP/I010386/1).  ... 
doi:10.1016/j.scico.2014.04.008 fatcat:geoh4qp7sfholmjg4csqejl7ja

Automated Discovery of Valid Test Strings from the Web Using Dynamic Regular Expressions Collation and Natural Language Processing

M. Shahbaz, P. McMinn, M. Stevenson
2012 2012 12th International Conference on Quality Software  
Once a regular expression has been found, a secondary web search is performed for strings matching the regular expression.  ...  Keywords-test data generation; string inputs; valid inputs; web queries; regular expressions; natural language processing 2 quotes must be dot separated, or the outer characters of the local-part. 3 dot  ...  CONCLUSION AND FUTURE WORK This paper has presented an approach for generating values for String data types by using tailored web searches, dynamic regular expressions and NLP techniques.  ... 
doi:10.1109/qsic.2012.15 dblp:conf/qsic/ShahbazMS12 fatcat:dl7qft32pvbwdfnmwbeamkpimi

Developing Smart Web-Search Using RegEx [article]

Ikechukwu Onyenwe, Stanley Ogbonna, Ebele Onyedimma, Onyedikachukwu Ikechukwu-Onyenwe, Chidinma Nwafor
2021 arXiv   pre-print
In this paper, we proposed using a combined method of keyword-based and Regular expressions (regEx) searches to perform a search using strings of targeted items for optimal results even as the volume of  ...  Due to the increasing storage data on Web Applications, it becomes very difficult to use only keyword-based searches to provide comprehensive search results, thus increasing the difficulty for web users  ...  [6] presented a novel approach for generating string test data for string validation routines, by harnessing the Internet.  ... 
arXiv:2110.04767v1 fatcat:tphjo35mcrdqhnm23ppghiu3de

DEVELOPING SMART WEB-SEARCH USING REGEX

Ikechukwu Onyenwe, Stanley Ogbonna, Ebele Onyedimma, Onyedikachukwu Ikechukwu-Onyenwe, Chidinma Nwafor
2022 Zenodo  
In this paper, we proposed using a combined method of keyword-based and Regular expressions (RegEx) searches to perform search using strings of targeted items for optimal results even as the volume of  ...  Due to the increasing storage data on the Web Applications it becomes very difficult to use only keyword-based searches to provide comprehensive search results, thus increasing the difficulty for web  ...  Following this, our technique mutates the regular expressions to drive the search for invalid strings, and the production of test inputs that should be rejected by the validation routine.  ... 
doi:10.5281/zenodo.6937395 fatcat:fu64mw44sbh4hjukjwqmrobiqy

Search-Based Test Input Generation for String Data Types Using the Results of Web Queries

Phil McMinn, Muzammil Shahbaz, Mark Stevenson
2012 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation  
Firstly, web pages are a rich source of valid inputs for various types of string data that may be used to improve test coverage.  ...  The resultant URLs are downloaded, split into tokens, and used to augment and seed a search-based test data generation technique.  ...  Search-Based Generation of String Values String inputs and parameter values present problems for automatic test generators, for two reasons: 1) Complexity.  ... 
doi:10.1109/icst.2012.94 dblp:conf/icst/McMinnSS12 fatcat:xmxqgzu2uberbclqbatqwffmje

A Symbolic Execution Framework for JavaScript

Prateek Saxena, Devdatta Akhawe, Steve Hanna, Feng Mao, Stephen McCamant, Dawn Song
2010 2010 IEEE Symposium on Security and Privacy  
To handle JavaScript code's complex use of string operations, we design a new language of string constraints and implement a solver for it.  ...  In experiments on 18 live web applications, Kudzu automatically discovers 2 previously unknown vulnerabilities and 9 more that were previously found only with a manually-constructed test suite.  ...  ACKNOWLEDGMENTS We thank David Wagner, Adam Barth, Domagoj Babic, Adrian Mettler, Juan Caballero, Pongsin Poosankam and our anonymous reviewers for helpful feedback on the paper and suggestions for improvements  ... 
doi:10.1109/sp.2010.38 dblp:conf/sp/SaxenaAHMMS10 fatcat:wdfkmpebcbeapcg6esllmartzi

Mobile Application Web API Reconnaissance: Web-to-Mobile Inconsistencies & Vulnerabilities

Abner Mendoza, Guofei Gu
2018 2018 IEEE Symposium on Security and Privacy (SP)  
Modern mobile apps use cloud-hosted HTTP-based API services and heavily rely on the Internet infrastructure for data communication and storage.  ...  Developing automatic methods of auditing web APIs for security remains challenging.  ...  To this end, we use Z3-Str with the regular expression extension.  ... 
doi:10.1109/sp.2018.00039 dblp:conf/sp/MendozaG18 fatcat:upjdfihbhvfvveuz3qdpsw2pfy

An Industrial Case Study of Bypass Testing on Web Applications

Jeff Offutt, Qingxiang Wang, Joann Ordille
2008 2008 International Conference on Software Testing, Verification, and Validation  
This can cause unexpected behavior, and even allow unauthorized access. A test technique called bypass testing intentionally sends invalid data to the server by bypassing client-side validation.  ...  Although several techniques are used to validate inputs on the client, users can easily bypass this validation and submit arbitrary data to the server.  ...  Ajax is not normally used for data validation and although AutoBypass can parse and test web sites that use Ajax, explicit generation of values to test the use of Ajax is currently out of scope for this  ... 
doi:10.1109/icst.2008.46 dblp:conf/icst/OffuttWO08 fatcat:qtm67mykmjdgbcfdglcjxlxb2e

A case study on bypass testing of web applications

Jeff Offutt, Vasileios Papadimitriou, Upsorn Praphamontripong
2012 Empirical Software Engineering  
This can cause unexpected behavior, and even allow unauthorized access. A test technique called bypass testing intentionally sends invalid data to the server by bypassing client-side validation.  ...  Although several techniques are used to validate inputs on the client, users can easily bypass this validation and submit arbitrary data to the server.  ...  Ajax is not normally used for data validation and although AutoBypass can parse and test web sites that use Ajax, explicit generation of values to test the use of Ajax is currently out of scope for this  ... 
doi:10.1007/s10664-012-9216-x fatcat:plt5psh5prfkrbqn46q4bn54zq

ViewPoints: differential string analysis for discovering client- and server-side input validation inconsistencies

Muath Alkhalaf, Shauvik Roy Choudhary, Mattia Fazzini, Tevfik Bultan, Alessandro Orso, Christopher Kruegel
2012 Proceedings of the 2012 International Symposium on Software Testing and Analysis - ISSTA 2012  
Client-side validation is used to improve the responsiveness of the application, as it allows for responding without communicating with the server, whereas server-side validation is necessary for security  ...  Since web applications are easily accessible, and often store a large amount of sensitive user information, they are a common target for attackers.  ...  It then uses library Perl5Util to perform the regular expression match operations, which allows for using the same Perl style regular expression syntax used in the client.  ... 
doi:10.1145/2338965.2336760 dblp:conf/issta/AlkhalafCFBOK12 fatcat:x4tjf6rvw5gzfnkcde622psm6i

Leveraging Application Data Constraints to Optimize Database-Backed Web Applications [article]

Xiaoxuan Liu, Shuxian Wang, Mengzhu Sun, Sharon Lee, Sicheng Pan, Joshua Wu, Cong Yan, Junwen Yang, Shan Lu, Alvin Cheung
2022 arXiv   pre-print
Instead of developing a fixed set of predefined rewriting rules, ConstrOpt employs an enumerate-test-verify technique to automatically exploit the discovered data constraints to improve query execution  ...  We present ConstrOpt, the first tool that identifies data relationships by analyzing the programs that generate and maintain the persistent data.  ...  While there are means to express data constraints for programmatically-generated data, such as SQL constraints [31] and various data validation APIs provided by web application frameworks [7, 16],  ... 
arXiv:2205.02954v1 fatcat:culrfazmhvf4nma5baxsnygdg4

Web application security assessment by fault injection and behavior monitoring

Yao-Wen Huang, Shih-Kun Huang, Tsung-Po Lin, Chung-Hung Tsai
2003 Proceedings of the twelfth international conference on World Wide Web - WWW '03  
We describe the use of a number of software-testing techniques (including dynamic analysis, black-box testing, fault injection, and behavior monitoring), and suggest mechanisms for applying these techniques  ...  Real-world situations are used to test a tool we named the Web Application Vulnerability and Error Scanner (WAVES, an open-source project available at http://waves.sourceforge.net) and to compare it with  ...  The mechanism is designed to automatically generate server- and client-side validation routines. However, it only works with Web applications developed with the <bigwig> language.  ... 
doi:10.1145/775173.775174 fatcat:qa6g2gz56nfhvhy5xxbc2b4bem

Web application security assessment by fault injection and behavior monitoring

Yao-Wen Huang, Shih-Kun Huang, Tsung-Po Lin, Chung-Hung Tsai
2003 Proceedings of the twelfth international conference on World Wide Web - WWW '03  
We describe the use of a number of software-testing techniques (including dynamic analysis, black-box testing, fault injection, and behavior monitoring), and suggest mechanisms for applying these techniques  ...  Real-world situations are used to test a tool we named the Web Application Vulnerability and Error Scanner (WAVES, an open-source project available at http://waves.sourceforge.net) and to compare it with  ...  The mechanism is designed to automatically generate server- and client-side validation routines. However, it only works with Web applications developed with the <bigwig> language.  ... 
doi:10.1145/775152.775174 dblp:conf/www/HuangHLT03 fatcat:a4hyw6t7lzdy5gb73ktk5etry4

Tutorons: Generating context-relevant, on-demand explanations and demonstrations of online code

Andrew Head, Codanda Appachu, Marti A. Hearst, Bjorn Hartmann
2015 2015 IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC)  
We build Tutorons for CSS selectors, regular expressions, and the Unix command "wget".  ...  In this paper, we propose language-specific routines called Tutorons that automatically generate context-relevant, on-demand microexplanations of code.  ...  Some participants had difficulty searching for programming help on a web search engine (Google) and using the search results.  ... 
doi:10.1109/vlhcc.2015.7356972 dblp:conf/vl/HeadAHH15 fatcat:qbojptvkevgsnexnfaecvwmxta

Common web application attack types and security using ASP.NET

Bojan Jovicic, Dejan Simic
2006 Computer Science and Information Systems  
There are some principles of strong Web application security which make up the part of defense mechanisms presented: executing with least privileged account, securing sensitive data (connection string)  ...  and proper exception handling (where the new approach is presented using ASP.NET mechanisms for centralized exception logging and presentation).  ...  To use this controls, it is enough to set its attributes for which control to validate, and which regular expression to use for validating.  ... 
doi:10.2298/csis0602083j fatcat:hlcrse4s7zayxprw7v6rwmycxa