FINDING BUGS IN DYNAMIC WEB APPLICATIONS

Posted by Unknown
Download the paper Finding Bugs in Dynamic Web Applications (PDF) for free.

Abstract. Web script crashes and malformed dynamically generated web pages are common errors, and they seriously impact the usability of web applications. Current tools for web-page validation cannot handle the dynamically generated pages that are ubiquitous on today's Internet. In this work, we apply a dynamic test generation technique, based on combined concrete and symbolic execution, to the domain of dynamic web applications. The technique generates tests automatically and minimizes the bug-inducing inputs to reduce duplication and to make the bug reports small and easy to understand and fix. We implemented the technique in Apollo, an automated tool that found dozens of bugs in real PHP applications. Apollo generates test inputs for the web application, monitors the application for crashes, and validates that the output conforms to the HTML specification. This paper presents Apollo's algorithms and implementation, and an experimental evaluation that revealed a total of 214 bugs in 4 open-source PHP web applications.

Dynamic test-generation tools such as DART [14], CUTE [26] and EXE [4] find bugs by executing an application on concrete input values, and then creating additional input values by solving symbolic constraints derived from the control-flow paths that were exercised. To date, such approaches have not been practical in the important domain of web applications. This paper extends dynamic test generation to scripting languages, uses an oracle to determine whether the output of the web application is syntactically correct, and automatically sorts and minimizes the inputs that expose errors. Our Apollo system applies these techniques in the context of PHP, one of the most popular languages for web programming. According to Netcraft, PHP powered 21 million domains as of April 2007, including some of the largest and best-known websites, such as Wikipedia and WordPress.
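As an added illustration (not code from the paper or from Apollo itself), the following Python sketch implements the loop that the abstract and the introduction above describe, on a constructed stand-in for a PHP script: run the script on concrete parameters while recording the branch conditions it evaluates, negate each recorded condition to derive new inputs (the DART-style step), check every run with an oracle that catches crashes and mismatched HTML tags, de-duplicate failures by signature, and minimize each failing input by dropping parameters. Everything here is an assumption made for the example: the `Request`/`eq` instrumentation stands in for Apollo's interpreter hooks, the solver understands only string equality on request parameters, `get` models PHP's undefined-index error as a `KeyError`, and `TagChecker` is a toy stand-in for a real HTML validator.

```python
from html.parser import HTMLParser


class Request:
    """Concrete request whose parameter comparisons also record the path condition."""

    def __init__(self, params):
        self.params = params
        self.path = []  # list of (param, value, taken) branch records

    def eq(self, param, value):
        taken = self.params.get(param) == value
        self.path.append((param, value, taken))
        return taken

    def get(self, param):
        return self.params[param]  # KeyError models PHP's undefined-index error


def solve(constraints):
    """Return params satisfying (param, value, taken) constraints, or None if unsatisfiable."""
    params, forbidden = {}, {}
    for p, v, taken in constraints:
        if taken:
            if params.get(p, v) != v:
                return None
            params[p] = v
        else:
            forbidden.setdefault(p, set()).add(v)
    for p, vals in forbidden.items():
        if p in params:
            if params[p] in vals:
                return None
        else:  # any concrete value outside the forbidden set will do
            params[p] = next(s for s in ("a", "b", "c", "d", "e") if s not in vals)
    return params


class TagChecker(HTMLParser):
    """Toy output oracle: reports the first mismatched or unclosed tag."""

    VOID = {"br", "hr", "img", "input", "meta", "link"}

    def __init__(self):
        super().__init__()
        self.stack, self.errors = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in self.VOID:
            self.stack.append(tag)

    def handle_startendtag(self, tag, attrs):
        pass  # <br/>-style tags open nothing

    def handle_endtag(self, tag):
        if self.stack and self.stack[-1] == tag:
            self.stack.pop()
        else:
            self.errors.append(f"unexpected </{tag}>")


def check_html(html):
    checker = TagChecker()
    checker.feed(html)
    checker.close()
    errors = checker.errors + [f"unclosed <{t}>" for t in checker.stack]
    return errors[0] if errors else None


def run_with_oracle(script, req):
    """Run one test; return a failure signature (crash or malformed output) or None."""
    try:
        html = script(req)
    except Exception as e:  # script crash
        return f"crash: {type(e).__name__}: {e}"
    err = check_html(html)
    return f"malformed HTML: {err}" if err else None


def generate_tests(script, max_runs=50):
    """DART-style exploration: run, then negate each branch on the path to derive new inputs."""
    seen, worklist, results = set(), [{}], []
    while worklist and len(results) < max_runs:
        params = worklist.pop(0)
        key = tuple(sorted(params.items()))
        if key in seen:
            continue
        seen.add(key)
        req = Request(params)
        results.append((params, run_with_oracle(script, req)))
        for i, (p, v, taken) in enumerate(req.path):
            new = solve(req.path[:i] + [(p, v, not taken)])
            if new is not None:
                worklist.append(new)
    return results


def minimize(script, params, failure):
    """Drop parameters one at a time while the same failure persists (1-minimal input)."""
    for p in list(params):
        trial = {k: v for k, v in params.items() if k != p}
        if run_with_oracle(script, Request(trial)) == failure:
            params = trial
    return params


def find_bugs(script, max_runs=50):
    """Apollo-style loop: explore, run the oracle, de-duplicate by signature, minimize."""
    bugs = {}
    for params, failure in generate_tests(script, max_runs):
        if failure and failure not in bugs:
            bugs[failure] = minimize(script, params, failure)
    return bugs


def toy_script(req):
    """Constructed stand-in for a PHP page; both defects are deliberate."""
    out = ["<html><body>"]
    if req.eq("debug", "1"):
        out.append("<!-- debug -->")
    if req.eq("page", "admin"):
        if req.eq("token", "secret"):
            out.append("<div>Welcome admin</div>")
        else:
            out.append("<p>forbidden</div>")  # mismatched close tag
    elif req.eq("page", "user"):
        out.append("<b>" + req.get("name") + "</b>")  # crashes when name is absent
    else:
        out.append("<p>home</p>")
    out.append("</body></html>")
    return "".join(out)


if __name__ == "__main__":
    for failure, params in find_bugs(toy_script).items():
        print(f"{failure}  <-  {params}")
```

Running it reports exactly two bugs: the mismatched close tag, reachable with just `page=admin`, and the crash, reachable with just `page=user`. The `debug` parameter that the solver assigned a throwaway value to along the way is removed by minimization, and the later inputs that reach the same defects through other paths are folded into the same signature rather than reported again, which is the de-duplication the abstract refers to. A real validator would replace `TagChecker`, and a real constraint solver would replace `solve`; the control loop is what carries over.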
