TY - GEN
T1 - Web application bypass testing
AU - Offutt, Jeff
AU - Wu, Ye
AU - Du, Xiaochen
AU - Huang, Hong
PY - 2004
Y1 - 2004
N2 - Input validation refers to checking user inputs to a program to ensure that they conform to expectations of the program. Input validation is used to check the format of numbers and strings, check the length of strings, and to ensure that strings do not contain invalid characters. Input validation testing (IVT) is particularly important for software that has a heavy reliance on user inputs, including Web applications. A common technique in Web applications is to perform input validation on the client by using HTML attributes and scripting languages such as JavaScript. An insidious problem with performing input validation on the client is that end users have the ability to bypass this validation. Bypass testing is a unique and novel way to create test cases that is available only because of the unusual mix of client-server, HTML GUI, and JavaScript technologies that are used in Web applications. This workshop paper presents the issues and concerns that allow bypass testing, the preliminary concepts behind the technique, and some early results on applying it. How effective and useful bypass testing can be in testing Web applications will be determined through ongoing research and automation.
AB - Input validation refers to checking user inputs to a program to ensure that they conform to expectations of the program. Input validation is used to check the format of numbers and strings, check the length of strings, and to ensure that strings do not contain invalid characters. Input validation testing (IVT) is particularly important for software that has a heavy reliance on user inputs, including Web applications. A common technique in Web applications is to perform input validation on the client by using HTML attributes and scripting languages such as JavaScript. An insidious problem with performing input validation on the client is that end users have the ability to bypass this validation. Bypass testing is a unique and novel way to create test cases that is available only because of the unusual mix of client-server, HTML GUI, and JavaScript technologies that are used in Web applications. This workshop paper presents the issues and concerns that allow bypass testing, the preliminary concepts behind the technique, and some early results on applying it. How effective and useful bypass testing can be in testing Web applications will be determined through ongoing research and automation.
UR - https://www.scopus.com/pages/publications/18844388446
U2 - 10.1109/CMPSAC.2004.1342687
DO - 10.1109/CMPSAC.2004.1342687
M3 - Conference contribution
SN - 0769522092
T3 - Proceedings - International Computer Software and Applications Conference
SP - 106
EP - 109
BT - Proceedings of the 28th Annual International Computer Software and Applications Conference; Workshop Papers and Fast Abstracts, COMPSAC 2004
T2 - Proceedings of the 28th Annual International Computer Software and Applications Conference; Workshop Papers and Fast Abstracts, COMPSAC 2004
Y2 - 28 September 2004 through 30 September 2004
ER -