AIR Tester: 針對腳本語言與網頁應用程式之侵入式回歸測試工具
No Thumbnail Available
Date
2011
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
在各種網頁應用程式與服務(以下簡稱網路服務)普及化的同時,網路服務的安全與穩定成為新的議題。網路服務經常被新增或修改功能,在這些修改過程中,可能會更動到之前的程式碼,造成新的安全性問題而未發覺。為了避免此類問題,在開發過程中導入回歸測試(Regression Testing)是常見的解決方案。
然而傳統式的網路服務回歸測試只會模擬使用者輸入,並檢查網頁上輸出的資訊;對於許多網路服務而言,僅檢查輸出資訊將可能遺漏許多有用的資訊,包括:SESSION、COOKIE記錄、POST信息,或其他不會輸出在網頁上的資訊。若在這些資訊中發生錯誤,將很可能被忽略,這對於網路服務的安全性將無法達到有效的改善。
為了解決上述網路服務安全性的問題,本研究開發了一套針對網路服務的回歸測試工具,利用自動化分析的方式來進行程式嵌入(Program Instrumentation),減輕開發人員或測試人員的負擔。
While web services become more and more popular nowadays, the security issues and the stability of the web services have been taken more seriously. Since web services can be modified often, new bugs might be created in the changes and hence causing some new security problems. To avoid the issue stated above, the common way is to use regression testing to ensure that stable features have not been broken by the changes. However, conventional regression testing can be ineffective in addressing the problems, since the technique mostly depends on simulating user input and checking the output data shown on the web pages. Lots of useful information such as browser sessions, cookies, or http post data which could not be outputted on the pages could not be verified. Therefore if there is an error occurs below the “surface”, it is likely to be ignored. To solve the problem, we develop a regression testing tool called “AIR Tester” for web applications. Not only it analyzes the source files of the web applications automatically, but it is able to access all information in the web application through “program instrumentation”. The goal of this tool is to increase the power of test regression so that hidden errors can be revealed.
While web services become more and more popular nowadays, the security issues and the stability of the web services have been taken more seriously. Since web services can be modified often, new bugs might be created in the changes and hence causing some new security problems. To avoid the issue stated above, the common way is to use regression testing to ensure that stable features have not been broken by the changes. However, conventional regression testing can be ineffective in addressing the problems, since the technique mostly depends on simulating user input and checking the output data shown on the web pages. Lots of useful information such as browser sessions, cookies, or http post data which could not be outputted on the pages could not be verified. Therefore if there is an error occurs below the “surface”, it is likely to be ignored. To solve the problem, we develop a regression testing tool called “AIR Tester” for web applications. Not only it analyzes the source files of the web applications automatically, but it is able to access all information in the web application through “program instrumentation”. The goal of this tool is to increase the power of test regression so that hidden errors can be revealed.
Description
Keywords
回歸測試, 腳本語言, 網路服務, 程式嵌入, regression testing, script language, web service, program instrumentation