System, Method and Apparatus for Specializing Dynamic Software Testing according to Coding Hints
Publication Date: 2014-Jul-30
The IP.com Prior Art Database
The crux of this invention is to specialize the testing system according to coding trends pertaining to the underlying software system. Intuitively, a piece of code that the developer spent more time and effort on is likely more relevant from a testing standpoint (e.g., reflecting core business logic or the security layer of the application).
Method and Apparatus for Specializing Dynamic Software Testing according to Coding Hints
Background. Dynamic testing of software systems is, by definition, an open challenge. The analysis tool needs to balance between performance and coverage, where these two considerations are obviously in conflict. The more effort the analysis expends on exposing bugs, the slower it runs and the worse it scales. On the other hand, optimizing the analysis for performance would likely affect coverage adversely.
The main question, therefore, is how to strike an effective balance between coverage and performance. This requires a principled and effective strategy for selecting which of the available tests to discharge against the subject software system. If extensive pruning is possible, then the testing system can start from a rich and diverse population of payloads and still manage to scale, thereby ensuring satisfactory coverage.
Background art. The most immediate work that comes to mind within the scope defined above is the XSS Analyzer system [XSSAnalyzer]*, which balances between performance and coverage by applying online pruning of the payload space. Beyond XSS Analyzer*, there are also simpler probing algorithms, e.g. the AppScan Standard [AppScanSTD]* algorithm for pruning cross-site scripting (XSS)* payloads based on checking whether a benign probe value is reflected in the response from the website.
Summary. The main idea of this invention is to apply specialization of the testing system according to coding trends pertaining to the underlying software system. By specialization we mean that the testing system adapts, or customizes, its behavior per the specific application at hand. By coding trends we mean that the model the testing system builds of the application is in terms of how its code was written. Intuitively, a piece of code that the developer spent more time and effort on is likely more relevant from a testing standpoint (e.g., reflecting core business logic or the security layer of the application).
Description. At the heart of our specialization technique lies the idea, briefly stated, that complicated/subtle/critical code is code that the testing system should examine more closely. However, there is no absolute criterion for what constitutes critical code, and the analysis is assumed to be fully/largely automated.
Existing frameworks provide many reusable building blocks - e.g. to develop UI
web functionality like serialization and backend storage, mobile apps, etc - and so the
developer can concentrate more time and effort on unique aspects of the application at hand...
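An added illustration of the specialization idea in the Summary and Description (not code from the disclosure): a fixed payload budget is split across entry points in proportion to developer effort. It assumes effort is approximated by version-control churn, which the text does not specify, and that framework code sits under a hypothetical vendor/ prefix; the commit history, endpoint map, function names and per-endpoint floor are constructed for the example.

```python
from collections import Counter

# Constructed sample history: (file, lines changed) per commit. Not from the disclosure.
COMMITS = [
    ("auth/session.py", 120), ("auth/session.py", 45), ("auth/session.py", 80),
    ("billing/invoice.py", 200), ("billing/invoice.py", 30),
    ("vendor/framework/forms.py", 5), ("ui/about.py", 10),
]
# Hypothetical map from testable entry points to the source files behind them.
ENDPOINTS = {
    "/login": ["auth/session.py", "vendor/framework/forms.py"],
    "/invoice": ["billing/invoice.py"],
    "/about": ["ui/about.py"],
}
FRAMEWORK_PREFIXES = ("vendor/",)  # assumption: reusable framework code, not app-specific effort

def effort_by_file(commits, skip=FRAMEWORK_PREFIXES):
    """Sum churn per file as an effort proxy, ignoring framework code."""
    effort = Counter()
    for path, lines_changed in commits:
        if not path.startswith(skip):
            effort[path] += lines_changed
    return effort

def allocate_budget(endpoints, effort, budget, floor=5):
    """Split `budget` test payloads across endpoints in proportion to effort.

    Every endpoint keeps `floor` payloads so low-effort code is still probed;
    the rest is shared by largest-remainder rounding so the total is exact.
    """
    if budget < floor * len(endpoints):
        raise ValueError("budget too small for the per-endpoint floor")
    score = {ep: sum(effort[f] for f in files) for ep, files in endpoints.items()}
    if sum(score.values()) == 0:  # no usable history: fall back to an even split
        score = dict.fromkeys(score, 1)
    total, spare = sum(score.values()), budget - floor * len(endpoints)
    plan, remainders = {}, []
    for ep, s in score.items():
        whole, rem = divmod(spare * s, total)
        plan[ep] = floor + whole
        remainders.append((rem, ep))
    leftover = budget - sum(plan.values())
    for _, ep in sorted(remainders, reverse=True)[:leftover]:
        plan[ep] += 1
    return plan

if __name__ == "__main__":
    for ep, n in allocate_budget(ENDPOINTS, effort_by_file(COMMITS), budget=100).items():
        print(f"{ep:10s} {n} payloads")
```

The floor keeps every entry point under test, so the effort signal reorders and reweights the payload population rather than removing coverage outright.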