MUTWEB - A Testing Tool for Performing Mutation Testing of Java and Servlet Based Web Applications

Mutation testing is one of the oldest and most distinctive techniques for white box testing of software applications. With code coverage becoming an increasing concern in the testing cycle of software, the mutation testing technique aids in achieving higher code coverage and unearthing a greater number of errors at the testing site itself. Parameters like database connectivity, session management, and cookie management are the beginning point of web application testing failures, given the heterogeneity aspects associated with the development of a web application. A detailed account of the list of available testing tools for performing mutation testing is presented here. A big bundle of mutation testing tools is still available; however, they do not focus on some of the crucial web vulnerabilities like session and cookie management in web apps. In the current work, a tool to perform mutation testing of web applications is developed and tested to see if the desired results occur. The architecture designed for the tool is discussed and presented. A brief analysis of the results is presented.

2014, Vol 989-994, pp. 4542-4546
Author(s): Jie Fan, Peng Gao, Cong Cong Shi, Ni Ge Li

In response to the high false positive rate of White-box testing tools for Web application source code security and the inability of Black-box testing tools for Web application security to locate vulnerabilities, we propose an effective method for combining White-box and Black-box testing tools for Web applications. This method puts the new technology of an “Associated Files Matching Engine” into White-box testing tools; this test result and the Black-box test result are statistically analyzed and combined. Argumentation shows that this method reduces the positives rate of the White-box test result and is able to locate where in the file a vulnerability is.


2019, Vol 17 (3), pp. 93-110
Author(s): A. V. Tkachev, D. V. Irtegov

The article is devoted to the technique of automated testing of NSUts – automatic assessment system for programming tasks developed at NSU. The main priority for this technique is to test both the old and the new versions of the application, so that the same or minimally modified tests could be executed on two versions of the system with different architectures. This could be useful while organizing the development process for other applications with a long life cycle. To test not only the server but also the client side of the web application, we suggest using tools like Selenium WebDriver to simulate user actions by sending commands to real browsers. We use the well-known Page Object design pattern to handle differences in HTML layout and functionality, and describe a number of ways to make developed tests less fragile and easily adapt those to work with the new version of the system. The article also describes the use of this technique to organize automated testing of the NSUts system and analyzes its effectiveness. The analysis shows that the estimated code coverage by these tests is quite high, and therefore the technique can be considered effective and applied to other similar web applications.


2017, Vol 10 (2), pp. 359-363
Author(s): Rupal Sharma, Ravi Sheth

Today, web application security is the most significant battlefield between victim, attacker and resource of web service. The owner of a web application can’t see security vulnerabilities in a web application which is developed in ASP.NET. This paper explains one algorithm which aims to identify broken authentication and session management vulnerability. The given method of this paper scans the web application files. The created scanner generator relies on studying the source character of the application limited ASP.NET files and the code be beholden files. A program developed for this motive is to bring about a report which describes vulnerabilities types by mentioning the indict name, disclose description and its location. The aim of the paper is to discover the broken authentication and session management vulnerabilities. The indicated algorithm will uphold organization and developer to repair the vulnerabilities and recover from one end to the other security.


Author(s): Romulo de Almeida Neves, Willian Massami Watanabe, Rafael Oliveira

Context: Widgets are reusable User Interface (UI) components frequently delivered in Web applications. In the web application, widgets implement different interaction scenarios, such as buttons, menus, and text input. Problem: Tests are performed manually, so the cost associated with preparing and executing test cases is high. Objective: Automate the process of generating functional test cases for web applications, using intermediate artifacts of the web development process that structure widgets in the web application. The goal of this process is to ensure the quality of the software, reduce overall software lifecycle time and the costs associated with tests. Method: We elaborated a test generation strategy and implemented this strategy in a tool, Morpheus Web Testing. Morpheus Web Testing extracts widget information from Java Server Faces artifacts to generate test cases for JSF web applications. We conducted a case study for comparing Morpheus Web Testing with a state of the art tool (CrawlJax). Results: The results indicate evidence that the Morpheus Web Testing approach managed to reach greater code coverage compared to CrawlJax. Conclusion: The achieved coverage values represent evidence that the results obtained from the proposed approach contribute to the process of automated test software engineering in the industry.


Author(s): Filippo Ricca, Paolo Tonella

The World Wide Web has become an interesting opportunity for companies to deliver services and products at distance. Correspondingly, the quality of Web applications, responsible for the related transactions, has become a crucial factor. It can be improved by properly modeling the application during its design, but if the whole life cycle is considered, the availability of a consistent model of the application is fundamental also during maintenance and testing. In this chapter, the problem of recovering a model of a Web application from the implementation is faced. Algorithms are provided to obtain it even in presence of a highly dynamic structure. Based upon such a model, several static analysis techniques, among which reaching definitions and slicing, are considered, as well as some restructuring techniques. White box testing exploits the model in that the related coverage levels are based on it, while statistical testing assumes that transitions in the model are labeled with the conditional probabilities of being traversed.


2019, Vol 7 (4), pp. 25-50
Author(s): Ahmad A. Saifan, Mahmoud Bani Ata

Web applications provide services to hundreds of billions of people over the world, so they should be tested to ensure their validity. In this article, we investigate the ability to test web applications based on traditional mutation testing. To perform this test, we have defined 54 mutation operators, classified into six categories: SQL data retrieving, data manipulation; domain name and IP address look up; internet protocol and service information; HTTP; connection to server and to database. The test was applied to websites that are built using PHP programming for two reasons. The majority of websites nowadays are built using ASP.net or PHP and most of the testing efforts that have been applied on web applications were using the Java programming language. We have implemented a prototype tool called μWebPHP for automatically generating mutants for PHP web applications based on the identified mutation operators. We report preliminary results that show that mutation testing is feasible for web applications.


2021, Vol 17 (1), pp. 71-88
Author(s): Suguna Mallika S., Rajya Lakshmi D.

With society's increasing reliance on web applications, the growing online market, and the digitization of almost every service, there is an increasing demand for better reliability, security, and interoperability of web applications. Testing becomes an integral part of improving this reliability of web applications. Despite the innumerable tools, techniques, and methods for testing web applications, there is still scope for expansion in the code coverage of web applications. Mutation testing, with its expansive potential to expose vulnerabilities of web applications, took a backseat owing to its exhaustive testing cycles. Some mutation operators related to security, performance, and other non-functional attributes of web applications are presented in the current work. In the current work, a thorough analysis of various mutation operators proposed by authors towards the non-existent operators thus far is presented. An augment of 47% of operators occurred in the present work. A concise discussion on the scope of work and future direction of work is presented.


2021
Author(s): Riley Chang, Hilary Low, Andrew McDonald, Grace Park, Xiaowei Song

Background: A crucial aspect of continued senior care is the early detection and management of frailty. Developing reliable and secure electronic frailty assessment tools can benefit virtual appointments, a need especially apparent since the COVID-19 pandemic. An emerging effort has targeted web-based software applications to improve accessibility and usage. Methods: We conducted an environmental scan through MEDLINE and Google searches (last updated on June 1st, 2021) to identify currently available web applications, each of which was evaluated and assigned a rating score based on eight featured categories. Results: Twelve web-based frailty assessment applications were found, chiefly provided by the USA (50%) or European countries (42%) and focused on frailty grading and outcome prediction for specific patient groups (58%). The categories that scored well among the applications included the User Interface (2.67/3) and the Cost (2.75/3). Other categories had a mean score of 1.5 or lower. The least developed features in the existing web applications included Data Saving. Conclusions: This is the first study that has compiled a comprehensive list of frailty assessments available online, described their usage and evaluated their advantages and limitations. The study emphasized several essential features with future web application development to support early detection and management of frailty with virtual care.


Author(s): Ahmad Al-Ahmad, Belal Abu Ata, Abdullah Wahbeh

As many Web applications are developed daily and used extensively, it becomes important for developers and testers to improve the security of these applications. Pen testing is a technique that helps these developers and testers to ensure that the security levels of their Web application are at an acceptable level to be used safely. Different tools are available for Pen testing Web applications; in this paper the authors compared six Pen testing tools for Web applications. The main goal of these tests is to check whether there are any security vulnerabilities in Web applications. A list of faults injected into a set of Web pages is used in order to check if tools can find them as they are claimed. Test results showed that these tools are not efficient and developers should not depend solely on them.


Author(s): Nicole Wang-Trexler, Martin K-C. Yeh, William C. Diehl, Rebecca E. Heiser, Andrea Gregg, ...

Software applications in educational technology have been a strong driving force for the success of online learning at all levels. These applications are created for various purposes and are used by a range of experts. The development of a successful educational technology software takes a deliberate team effort and thoughtful project management. This interpretive case study details the processes, successes, and challenges determined throughout the development of an educational web application, the Social Performance Optimization Tool (SPOT). In describing the evolution of SPOT, and the processes the heterogeneous team followed in the development of the web application, this study provides analysis and guidance to educational researchers who are interested in developing educational web applications in the future. The study described how authors mindfully adopted software design models, team management techniques, and communication tools. Additionally, the paper highlights practical and unique implications developers must account for when working in higher education contexts.

