SiteHopper: Abstracting Navigation State Machines for the Efficient Verification of Web Applications

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 7843)

Abstract

A Navigation State Machine (NSM) is a conceptual map of all possible page sequences in a web application that can be used to statically verify navigation properties. The automated extraction of an NSM from a running application is currently an open problem, as the output of existing web crawlers is not appropriate for model checking. This paper presents SiteHopper, a crawler that computes on-the-fly an abstraction of the NSM based on link and page contents. Experiments show that verification is sped up by many orders of magnitude for applications of real-world scale.

We acknowledge the financial support of the Natural Sciences and Engineering Research Council of Canada (NSERC) and the Fonds québécois de recherche sur la nature et les technologies (FQRNT).

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Demarty, G., Maronnaud, F., Le Breton, G., Hallé, S. (2013). SiteHopper: Abstracting Navigation State Machines for the Efficient Verification of Web Applications. In: ter Beek, M.H., Lohmann, N. (eds) Web Services and Formal Methods. WS-FM 2012. Lecture Notes in Computer Science, vol 7843. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38230-7_7

  • DOI: https://doi.org/10.1007/978-3-642-38230-7_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38229-1

  • Online ISBN: 978-3-642-38230-7

  • eBook Packages: Computer Science, Computer Science (R0)
