DETECTING EXECUTION AND HTML ERRORS IN ASP.NET WEB APPLICATIONS

Mehmet Erdal Özkınacı, Aysu Betin Can

2011

Abstract

Dynamic web applications are becoming widespread nearly in every area. ASP.NET is one of the popular development technologies in this domain. The errors in these web applications can reduce the credibility of the site and cause possible loss of a number of clients. Therefore, testing these applications becomes significant. We present an automated tool to test ASP.NETweb applications against execution errors and HTML errors that cause displaying inaccurate and incomplete information. Our tool, called Mamoste, adapts concolic testing technique which interleaves concrete and symbolic execution to generate test inputs dynamically. Mamoste also considers page events as inputs which cannot be handled with concolic testing. We have performed experiments on a subset of a heavily used ASP.NET application of a government office. We have found 366 HTML errors and a faulty component which is used almost every page in this application. In addition, Mamoste discovered that a common user control is misused in several dynamically generated pages.

References

  1. Artzi, S., Kiez?un, A., Dolby, J., Tip, F., Dig, D., Paradkar, A., and Ernst, M. D. (2010). Finding bugs in web applications using dynamic test generation and explicit state model checking. IEEE TSE, 36(4):474-494.
  2. Artzi, S., Kiez?un, A., Dolby, J., Tip, F., Dig, D., Paradkar, A., and Ernst, M. D. (2010). Finding bugs in web applications using dynamic test generation and explicit state model checking. IEEE TSE, 36(4):474-494.
  3. Emmi, M., Majumdar, R., and Sen, K. (2007). Dynamic test input generation for database applications. In Proc. of ISSTA.
  4. Emmi, M., Majumdar, R., and Sen, K. (2007). Dynamic test input generation for database applications. In Proc. of ISSTA.
  5. Fu, X., Lu, X., Peltsverger, B., and Chen, S. (2007). A static analysis framework for detecting sql injection vulnerabilities. In Proc. of Computer Software and Applications Conference, pages 87-96.
  6. Fu, X., Lu, X., Peltsverger, B., and Chen, S. (2007). A static analysis framework for detecting sql injection vulnerabilities. In Proc. of Computer Software and Applications Conference, pages 87-96.
  7. Godefroid, P., Klarlund, N., and Sen, K. (2005). Dart: Directed automated random testing. In Proc. of PLDI.
  8. Godefroid, P., Klarlund, N., and Sen, K. (2005). Dart: Directed automated random testing. In Proc. of PLDI.
  9. Halfond, W. G., Anand, S., and Orso, A. (2009). Precise interface identification to improve testing and analysis of web applications. In Proc. of ISSTA.
  10. Halfond, W. G., Anand, S., and Orso, A. (2009). Precise interface identification to improve testing and analysis of web applications. In Proc. of ISSTA.
  11. Sen, K., Marinov, D., and Agha, G. (2005). Cute: A concolic unit testing engine for c. In Proc. of ESEC/FSE.
  12. Sen, K., Marinov, D., and Agha, G. (2005). Cute: A concolic unit testing engine for c. In Proc. of ESEC/FSE.
  13. Wassermann, G., Yu, D., Chander, A., Dhurjati, D., Inamura, H., and Su, Z. (2008). Dynamic test input generation for web applications. In Proc. of ISSTA.
  14. Wassermann, G., Yu, D., Chander, A., Dhurjati, D., Inamura, H., and Su, Z. (2008). Dynamic test input generation for web applications. In Proc. of ISSTA.
Download


Paper Citation


in Harvard Style

Erdal Özkınacı M. and Betin Can A. (2011). DETECTING EXECUTION AND HTML ERRORS IN ASP.NET WEB APPLICATIONS . In Proceedings of the 6th International Conference on Software and Database Technologies - Volume 2: ICSOFT, ISBN 978-989-8425-77-5, pages 172-178. DOI: 10.5220/0003503101720178


in Harvard Style

Erdal Özkınacı M. and Betin Can A. (2011). DETECTING EXECUTION AND HTML ERRORS IN ASP.NET WEB APPLICATIONS . In Proceedings of the 6th International Conference on Software and Database Technologies - Volume 2: ICSOFT, ISBN 978-989-8425-77-5, pages 172-178. DOI: 10.5220/0003503101720178


in Bibtex Style

@conference{icsoft11,
author={Mehmet Erdal Özkınacı and Aysu Betin Can},
title={DETECTING EXECUTION AND HTML ERRORS IN ASP.NET WEB APPLICATIONS},
booktitle={Proceedings of the 6th International Conference on Software and Database Technologies - Volume 2: ICSOFT,},
year={2011},
pages={172-178},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003503101720178},
isbn={978-989-8425-77-5},
}


in Bibtex Style

@conference{icsoft11,
author={Mehmet Erdal Özkınacı and Aysu Betin Can},
title={DETECTING EXECUTION AND HTML ERRORS IN ASP.NET WEB APPLICATIONS},
booktitle={Proceedings of the 6th International Conference on Software and Database Technologies - Volume 2: ICSOFT,},
year={2011},
pages={172-178},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003503101720178},
isbn={978-989-8425-77-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 6th International Conference on Software and Database Technologies - Volume 2: ICSOFT,
TI - DETECTING EXECUTION AND HTML ERRORS IN ASP.NET WEB APPLICATIONS
SN - 978-989-8425-77-5
AU - Erdal Özkınacı M.
AU - Betin Can A.
PY - 2011
SP - 172
EP - 178
DO - 10.5220/0003503101720178


in EndNote Style

TY - CONF
JO - Proceedings of the 6th International Conference on Software and Database Technologies - Volume 2: ICSOFT,
TI - DETECTING EXECUTION AND HTML ERRORS IN ASP.NET WEB APPLICATIONS
SN - 978-989-8425-77-5
AU - Erdal Özkınacı M.
AU - Betin Can A.
PY - 2011
SP - 172
EP - 178
DO - 10.5220/0003503101720178