MiTV: Multiple-implementation testing of user-input validators for web applications

Kunal Taneja, Nuo Li, Madhuri R. Marri, Tao Xie, Nikolai Tillmann

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

User-input validators play an essential role in guarding a web application against application-level attacks. Hence, the security of the web application can be compromised by defective validators. To detect defects in validators, testing is one of the most commonly used methodologies. Testing can be performed by manually writing test inputs and oracles, but this manual process is often laborintensive and ineffective. On the other hand, automated test generators cannot generate test oracles in the absence of specifications, which are often not available in practice. To address this issue in testing validators, we propose a novel approach, called MiTV, that applies Multiple-implementation Testing for Validators, i.e., comparing the behavior of a validator under test with other validators of the same type. These other validators of the same type can be collected from either open or proprietary source code repositories. To show the effectiveness of MiTV, we applied MiTV on 53 different validators (of 6 common types) for web applications. Our results show that MiTV detected real defects in 70% of the validators.

Original languageEnglish (US)
Title of host publicationASE'10 - Proceedings of the IEEE/ACM International Conference on Automated Software Engineering
Pages131-134
Number of pages4
DOIs
StatePublished - Dec 10 2010
Externally publishedYes
Event25th IEEE/ACM International Conference on Automated Software Engineering, ASE'10 - Antwerp, Belgium
Duration: Sep 20 2010Sep 24 2010

Publication series

NameASE'10 - Proceedings of the IEEE/ACM International Conference on Automated Software Engineering

Other

Other25th IEEE/ACM International Conference on Automated Software Engineering, ASE'10
CountryBelgium
CityAntwerp
Period9/20/109/24/10

Keywords

  • Reliability
  • Security

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Human-Computer Interaction
  • Software

Fingerprint Dive into the research topics of 'MiTV: Multiple-implementation testing of user-input validators for web applications'. Together they form a unique fingerprint.

  • Cite this

    Taneja, K., Li, N., Marri, M. R., Xie, T., & Tillmann, N. (2010). MiTV: Multiple-implementation testing of user-input validators for web applications. In ASE'10 - Proceedings of the IEEE/ACM International Conference on Automated Software Engineering (pp. 131-134). (ASE'10 - Proceedings of the IEEE/ACM International Conference on Automated Software Engineering). https://doi.org/10.1145/1858996.1859019