[フレーム]
You are viewing this page in an unauthorized frame window.

This is a potential security issue, you are being redirected to https://csrc.nist.gov.

You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    Publications

Conference Paper

Combinatorial Testing of Full Text Search in Web Applications

Documentation Topics

Published: July 25, 2017

Author(s)

M S Raunak (Loyola University Maryland), Richard Kuhn (NIST), Raghu Kacker (NIST)

Conference

Name: 2017 IEEE International Conference on Software Quality Reliability and Security (QRS-C 2017)
Dates: 07/25/2017 - 07/29/2017
Location: Prague, Czech Republic
Citation: Proceedings. 2017 IEEE International Conference on Software Quality, Reliability and Security (Companion Volume) (QRS-C 2017), pp. 100-107

Abstract

Database driven web applications are some of the most widely developed systems today. In this paper, we demonstrate use of combinatorial testing for testing database supported web applications, especially where full-text search is provided or many combinations of search options are utilized. We develop test-case selection techniques, where test strings are synthesized using characters or string fragments that may lead to system failure. We have applied our approach to the National Vulnerability Database (NVD) application and have discovered a number of "corner-cases" that had not been identified previously. We also present simple heuristics for isolating the fault causing factors that can lead to such system failures. The test method and input model described in this paper have immediate application to other systems that provide complex full text search.

Database driven web applications are some of the most widely developed systems today. In this paper, we demonstrate use of combinatorial testing for testing database supported web applications, especially where full-text search is provided or many combinations of search options are utilized. We... See full abstract

Database driven web applications are some of the most widely developed systems today. In this paper, we demonstrate use of combinatorial testing for testing database supported web applications, especially where full-text search is provided or many combinations of search options are utilized. We develop test-case selection techniques, where test strings are synthesized using characters or string fragments that may lead to system failure. We have applied our approach to the National Vulnerability Database (NVD) application and have discovered a number of "corner-cases" that had not been identified previously. We also present simple heuristics for isolating the fault causing factors that can lead to such system failures. The test method and input model described in this paper have immediate application to other systems that provide complex full text search.


Hide full abstract

Keywords

database; full-text search; fuzz testing; combinatorial testing; web application
Control Families

None selected

Documentation

Publication:
https://doi.org/10.1109/QRS-C.2017.24

Supplemental Material:
Preprint (pdf)

Document History:
07/25/17: Conference Paper (Final)

Topics

Security and Privacy

testing & validation

Technologies

databases

AltStyle によって変換されたページ (->オリジナル) /