Published: July 25, 2017
Author(s)
M S Raunak (Loyola University Maryland), Richard Kuhn (NIST), Raghu Kacker (NIST)
Conference
Name: 2017 IEEE International Conference on Software Quality Reliability and Security (QRS-C 2017)
Dates: 07/25/2017 - 07/29/2017
Location: Prague, Czech Republic
Citation: Proceedings. 2017 IEEE International Conference on Software Quality, Reliability and Security (Companion Volume) (QRS-C 2017), pp. 100-107
Database driven web applications are some of the most widely developed systems today. In this paper, we demonstrate use of combinatorial testing for testing database supported web applications, especially where full-text search is provided or many combinations of search options are utilized. We develop test-case selection techniques, where test strings are synthesized using characters or string fragments that may lead to system failure. We have applied our approach to the National Vulnerability Database (NVD) application and have discovered a number of "corner-cases" that had not been identified previously. We also present simple heuristics for isolating the fault causing factors that can lead to such system failures. The test method and input model described in this paper have immediate application to other systems that provide complex full text search.
Database driven web applications are some of the most widely developed systems today. In this paper, we demonstrate use of combinatorial testing for testing database supported web applications, especially where full-text search is provided or many combinations of search options are utilized. We...
See full abstract
Database driven web applications are some of the most widely developed systems today. In this paper, we demonstrate use of combinatorial testing for testing database supported web applications, especially where full-text search is provided or many combinations of search options are utilized. We develop test-case selection techniques, where test strings are synthesized using characters or string fragments that may lead to system failure. We have applied our approach to the National Vulnerability Database (NVD) application and have discovered a number of "corner-cases" that had not been identified previously. We also present simple heuristics for isolating the fault causing factors that can lead to such system failures. The test method and input model described in this paper have immediate application to other systems that provide complex full text search.
Hide full abstract
Keywords
database; full-text search; fuzz testing; combinatorial testing; web application
Control Families
None selected
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
