Finding Bugs In Dynamic Web Applications

Title:	Finding Bugs In Dynamic Web Applications
Author:	Artzi, Shay; Kiezun, Adam; Dolby, Julian; Tip, Frank; Dig, Danny; Paradkar, Amit; Ernst, Michael D.
Other Contributors:	Program Analysis
Advisor:	Michael Ernst
Issue Date:	2008-02-06
Abstract:	Web script crashes and malformed dynamically-generated web pages are common errors, and they seriously impact usability of web applications. Currenttools for web-page validation cannot handle the dynamically-generatedpages that are ubiquitous on today's Internet.In this work, we apply a dynamic test generation technique, based oncombined concrete and symbolic execution, to the domain of dynamic webapplications. The technique generates tests automatically andminimizes the bug-inducing inputs to reduce duplication and to makethe bug reports small and easy to understand and fix.We implemented the technique in Apollo, an automated tool thatfound dozens of bugs in real PHP applications. Apollo generatestest inputs for the web application, monitors the application forcrashes, and validates that the output conforms to the HTMLspecification. This paper presents Apollo's algorithms andimplementation, and an experimental evaluation that revealed a totalof 214 bugs in 4 open-source PHP web applications.
URI:	http://hdl.handle.net/1721.1/40249
Other Identifiers:	MIT-CSAIL-TR-2008-006
Related To	Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory
Keywords:	html, syntax, validation, dynamic, bug

Files in this item

Files	Size	Format	View
MIT-CSAIL-TR-2008-006.pdf	435.9Kb	PDF	View/Open
MIT-CSAIL-TR-2008-006.ps	4.156Mb	Postscript	View/Open

The following license files are associated with this item: