Web Application Bypass Testing

Workshop on Quality Assurance and Testing of Web-Based Applications, Associated with COMPSAC 2004, pages 106-109, Hong Kong, PRC, September 2004.

Jeff Offutt, Ye Wu, Xiaochen Du and Hong Huang

Abstract

Input validation refers to checking user inputs to a program to ensure that they conform to expectations of the program. Input validation is used to check the format of numbers and strings, check the length of strings, and to ensure that strings do not contain invalid characters. Input validation testing (IVT) is particularly important for software that has a heavy reliance on user inputs, including Web applications. A common technique in Web applications is to perform input validation on the client by using HTML attributes and scripting languages such as JavaScript. An insidious problem with performing input validation on the client is that end users have the ability to bypass this validation. Bypass testing is a unique and novel way to create test cases that is available only because of the unusual mix of client-server, HTML GUI, and JavaScript technologies that are used in Web applications. This workshop paper presents the issues and concerns that allow bypass testing, the preliminary concepts behind the technique, and some early results on applying it. How effective and useful bypass testing can be in testing Web applications will be determined through ongoing research and automation.



Back to my home page.