Abstract
A Navigation State Machine (NSM) is a conceptual map of all possible page sequences in a web application that can be used to statically verify navigation properties. The automated extraction of an NSM from a running application is currently an open problem, as the output of existing web crawlers is not appropriate for model checking. This paper presents SiteHopper, a crawler that computes on-the-fly an abstraction of the NSM based on link and page contents. Experiments show that verification is sped up by many orders of magnitude for applications of real-world scale.
We acknowledge the financial support of the Natural Sciences and Engineering Research Council of Canada (NSERC) and the Fonds québécois de recherche sur la nature et les technologies (FQRNT).
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Demarty, G., Maronnaud, F., Le Breton, G., Hallé, S. (2013). SiteHopper: Abstracting Navigation State Machines for the Efficient Verification of Web Applications. In: ter Beek, M.H., Lohmann, N. (eds) Web Services and Formal Methods. WS-FM 2012. Lecture Notes in Computer Science, vol 7843. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38230-7_7
DOI: https://doi.org/10.1007/978-3-642-38230-7_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38229-1
Online ISBN: 978-3-642-38230-7
eBook Packages: Computer Science, Computer Science (R0)