Applications
CSE 6329
Special Topics in
Advanced Software Engineering
Presented By
Web Threats
Web script crashes and malformed
dynamically-generated Web pages impact
usability of Web applications
Malformed HTML
HTML that does not conform to the WDG (Web
Design Group) or W3C (World Wide Web
Consortium) standards
Not using tags defined by the W3C (e.g.
<html><table><div>, etc.)
Not maintaining the structure (e.g.
<html><header></header><body> .. </body></html>)
Not using proper opening and matching closing tags,
etc.
The Problem
Bad scripts creating syntactically-malformed
HTML
Partially displayable or Non-displayable HTML
Browsers attempt to correct crashes
Slower HTML rendering
Discard important information
Trouble indexing correct pages for search engines
Example
More Problems
Dynamic web page testing challenges
HTML validation tools only test
static pages
Cannot fully capture behavior, since not all of
the code's functionality is found in the HTML result
No automatic validator for scripting languages
that dynamically generate HTML pages
HTML Kit validates every generated page but requires manual
generation of the inputs that lead to displaying pages
Why
Object oriented
Scripting
21 million domains [1] (75%) are powered
including large websites like Wikipedia,
WordPress, Facebook, Digg, etc.
[1] Source
Example:
program
SchoolMate.php
Allows school administrators to manage classes
and users, teachers to manage assignments and
grades and students to access their information
Typical URL:
schoolmate.php?page=1&page2=100&login=1&username=user&password=password
printReportCards.php
missing
HTML failures
Malformed HTML
Failure-Finding in PHP
Applications
Concolic testing: a dynamic test generation technique
Execute the application
1. Initially on an empty input
2. Then on additional inputs, obtained by solving
constraints that are derived from control flow paths
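As an added illustration (not from the slides or from the tool they describe), the Python sketch below runs the two-step procedure above on a constructed stand-in for a PHP page, with a tag-balance check as the malformed-HTML oracle. The `page_script` function, its `login`/`page` branch logic, and the equality-only "solver" are assumptions made for the example.

```python
from html.parser import HTMLParser
VOID = {"br", "input", "img", "hr", "meta", "link"}  # elements with no closing tag

class Balance(HTMLParser):  # oracle: non-void tags must close in the right order
    def __init__(self):
        super().__init__()
        self.stack, self.ok = [], True
    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            self.stack.append(tag)
    def handle_endtag(self, tag):
        if tag not in VOID and (not self.stack or self.stack.pop() != tag):
            self.ok = False

def well_formed(html):
    p = Balance()
    p.feed(html)
    return p.ok and not p.stack

def page_script(params, trace):  # constructed stand-in for an instrumented PHP page
    def eq(name, value):  # record each branch condition and its outcome
        trace.append((name, value, params.get(name) == value))
        return trace[-1][2]
    out = "<html><body>"
    if eq("login", "1"):
        out += "<table><tr><td>Welcome</td></tr>"
        if eq("page", "2"):
            out += "<tr><td>Report cards</td></tr>"  # seeded bug: <table> left open
        else:
            out += "</table>"
    else:
        out += "<p>Please log in</p>"
    return out + "</body></html>"

def explore(program, oracle):
    queue, seen, failures = [{}], {frozenset()}, []  # step 1: the empty input
    while queue:
        inputs, trace = queue.pop(0), []
        if not oracle(program(inputs, trace)):
            failures.append(inputs)  # this input produces malformed HTML
        for i, (name, value, taken) in enumerate(trace):  # step 2: flip one branch
            new = {n: v for n, v, t in trace[:i] if t}  # keep the path prefix
            if not taken:
                new[name] = value  # solve name == value; a taken branch flips by omission
            key = frozenset(new.items())
            if key not in seen:
                seen.add(key)
                queue.append(new)
    return failures
```

Calling `explore(page_script, well_formed)` executes the script three times and reports the one input, `login=1&page=2`, that reaches the path where the table is never closed.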
Extensions
Transformation of Code
Interactive HTML pages with buttons and
menus
For each page (h) that contains N buttons
Add an additional input parameter p to the PHP program
Its values range from 1 to N
An example
<?php
echo "<h2>Webchess " . $Version . " login</h2>";
?>
<form method="post" action="mainmenu.php">
<p>
Nick: <input name="txtNick" type="text" size="15" /><br />
Password: <input name="pwdPassword" type="password" size="15" />
</p>
<p>
<input name="login" value="login" type="submit" />
<input name="newAccount" value="New Account" type="button"
       onClick="window.open('newuser.php', '_self')" />
</p>
</form>
<?php
/* Simulated User Input: _btn selects which button was pressed */
switch ($_GET["_btn"]) {
    case 1:
        require_once("mainmenu.php");
        break;
    case 2:
        require_once("newuser.php");
        break;
}
?>
foreach i = 1, ..., n do
queue(pcQueue, newPC);
return B;
Execution