GMU Software Engineering Seminar Series

 

***********************************************

Date: Monday, 04/21/2008

Time: 1:00 – 2:00 PM

Location: 430A ST2

***********************************************

 

Title: An Industrial Case Study of Bypass Testing on Web Applications

 

Speaker: Jeff Offutt

 

Abstract

Web applications are interactive programs that are deployed on the World Wide Web.  Their execution is usually controlled very heavily by user choices and user data.  This makes them vulnerable to abnormal behavior from invalid inputs as well as security attacks.  Thus, web applications invest heavily in validating user inputs according to defined constraints on the values.  This work focuses on validation done on the client, which uses two types of technologies: restrictions in HTML form fields and scripts that check values.  Unfortunately, users have the ability to subvert or skip client-side validation.  Bypass testing has been developed to test the behavior of web applications when client-side validation is skipped.  This paper presents results from an industry case study of bypass testing applied to a project from Avaya Research Labs, NPP.  The paper presents a process for designing, implementing, automating and developing bypass tests.  The theory of bypass testing had to be adapted to the unique characteristics of NPP software, which represented a significant engineering challenge.  The 184 tests that were generated resulted in 63 unique failures, providing significant experience and numerous lessons learned.  The case study also revealed several difficult problems that need to be addressed in future research.

 

Bio

Dr. Jeff Offutt is a Professor of Software Engineering at George Mason University.  He is a part-time visiting faculty member of the University of Skovde, Skovde, Sweden, where he participates in the Distributed Real-Time Systems Research Group (DRTS), contributing expertise on software engineering and software testing.  His current research interests include software testing, analysis and testing of web applications, object-oriented program analysis, module and integration testing, formal methods, and software maintenance.  He has published over 100 refereed research papers in software engineering journals and conferences.  Offutt is editor-in-chief of Wiley's journal of Software Testing, Verification and Reliability, is the chair of the steering committee for the IEEE International Conference on Software Testing, Verification, and Validation (ICST) and program co-chair for ICST 2009, is on the editorial boards for EmSE, SoSyM, and SQJ, and was on the editorial board for IEEE TSE from 2001 to 2005.  He has been involved in a number of software proof-of-concept research systems, including MuJava, Mothra, Godzilla, CBat, Mistix, Albert, CoupTest, and SpecTest, several of which have been used by many other software engineering researchers.  He has made fundamental contributions to several software testing problems, including mutation, automatic test data generation, object-oriented testing, input space partitioning, specification-based testing, model-based testing, and testing of web applications.  His book, Introduction to Software Testing (co-authored with Paul Ammann), was published by Cambridge University Press in January 2008.  He received the Best Teacher Award from the School of Information Technology and Engineering in 2003.  Offutt received a PhD degree in Computer Science from the Georgia Institute of Technology, and is a member of the ACM and IEEE Computer Society.  He is on the technical board of advisors for Certess, Inc.