Andrew F. Tappenden

A Novel Evolutionary Approach for Adaptive Random Testing

Random testing is a low cost strategy that can be applied to a wide range of testing problems. While the cost and straightforward application of random testing are appealing, these benefits must be evaluated against the reduced effectiveness due to the generality of the approach. Recently, a number of novel techniques, coined Adaptive Random Testing, have sought to increase the effectiveness of random testing by attempting to maximize the testing coverage of the input domain. This paper presents the novel application of an evolutionary search algorithm to this problem. The results of an extensive simulation study are presented in which the evolutionary approach is compared against the Fixed Size Candidate Set (FSCS), Restricted Random Testing (RRT), quasi-random testing using the Sobol sequence (Sobol), and random testing (RT) methods. The evolutionary approach was found to be superior to FSCS, RRT, Sobol, and RT amongst block patterns, the arena in which FSCS, and RRT have demonstrated the most appreciable gains in testing effectiveness. The results among fault patterns with increased complexity were shown to be similar to those of FSCS, and RRT; and showed a modest improvement over Sobol, and RT. A comparison of the asymptotic and empirical runtimes of the evolutionary search algorithm, and the other testing approaches, was also considered, providing further evidence that the application of an evolutionary search algorithm is feasible, and within the same order of time complexity as the other adaptive random testing approaches.

Centroidal Voronoi Tessellations- A New Approach to Random Testing

Although Random Testing (RT) is low cost and straightforward, its effectiveness is not satisfactory. To increase the effectiveness of RT, researchers have developed Adaptive Random Testing (ART) and Quasi-Random Testing (QRT) methods which attempt to maximize the test case coverage of the input domain. This paper proposes the use of Centroidal Voronoi Tessellations (CVT) to address this problem. Accordingly, a test case generation method, namely, Random Border CVT (RBCVT), is proposed which can enhance the previous RT methods to improve their coverage of the input space. The generated test cases by the other methods act as the input to the RBCVT algorithm and the output is an improved set of test cases. Therefore, RBCVT is not an independent method and is considered as an add-on to the previous methods. An extensive simulation study and a mutant-based software testing investigation have been performed to demonstrate the effectiveness of RBCVT against the ART and QRT methods. Results from the experimental frameworks demonstrate that RBCVT outperforms previous methods. In addition, a novel search algorithm has been incorporated into RBCVT reducing the order of computational complexity of the new approach. To further analyze the RBCVT method, randomness analysis was undertaken demonstrating that RBCVT has the same characteristics as ART methods in this regard.

Cookies: A deployment study and the testing implications

The results of an extensive investigation of cookie deployment amongst 100,000 Internet sites are presented. Cookie deployment is found to be approaching universal levels and hence there exists an associated need for relevant Web and software engineering processes, specifically testing strategies which actively consider cookies. The semi-automated investigation demonstrates that over two-thirds of the sites studied deploy cookies. The investigation specifically examines the use of first-party, third-party, sessional, and persistent cookies within Web-based applications, identifying the presence of a P3P policy and dynamic Web technologies as major predictors of cookie usage. The results are juxtaposed with the lack of testing strategies present in the literature. A number of real-world examples, including two case studies are presented, further accentuating the need for comprehensive testing strategies for Web-based applications. The use of antirandom test case generation is explored with respect to the testing issues discussed. Finally, a number of seeding vectors are presented, providing a basis for testing cookies within Web-based applications.

A Three-Tiered Testing Strategy for Cookies

Cookies, the HTTP state management mechanism, are the backbone of many web applications. Despite a high adoption rate, cookies have remained virtually unexplored by the academic community. This paper presents an EBNF grammatical definition and a three- tiered testing strategy for cookies. The testing strategy builds upon anti-random and grammar-based methodologies examining cookies from three perspectives: cookies collections, individual cookie transformations and application-specific test-case generation. The collection of cookies maintained within a user-agent are explored in light of the anti-random test- suite reduction techniques and the grammatical definition of a cookie, culminating in the definition of a number of seeding test-vectors providing the basis for a scalable test-suite. A number of distinct grammatically correct cookie transformations are presented, providing further scalability to the proposed testing strategy. Finally a discussion of application-specific cookie transformations is presented, with focus upon the security and reliability concerns of modern web applications.

Token-based graphical password authentication

Given that phishing is an ever-increasing problem, a better authentication system is required. We propose a system that uses a graphical password deployed from a Trojan and virus-resistant embedded device. The graphical password utilizes a personal image to construct an image hash, which is provided as input into a cryptosystem that returns a password. The graphical password requires the user to select a small number of points on the image. The embedded device will then stretch these points into a long alphanumeric password. With one graphical password, the user can generate many passwords from their unique embedded device. The image hash algorithm employed by the device is demonstrated to produce random and unique 256-bit message digests and was found to be responsive to subtle changes in the underlying image. Furthermore, the device was found to generate passwords with entropy significantly larger than that of users passwords currently employed today.

A scalable testing framework for location-based services

A novel testing framework for location based services is introduced. In particular, the paper showcases a novel architecture for such a framework. The implementation of the framework illustrates both the functionality and the feasibility of the framework proposed and the utility of the architecture. The new framework is evaluated through comparison to several other methodologies currently available for the testing of location-based applications. A case study is presented in which the testing framework was applied to a typical mobile service tracking system. It is concluded that the proposed testing framework achieves the best coverage of the entire location based service testing problem of the currently available methodologies; being equipped to test the widest array of application attributes and allowing for the automation of testing activities.

A Novel Granular Neural Network Architecture

We introduce a novel granular neural network (GNN) architecture based on the multi-layer perceptron architecture. The GNN uses linguistic terms as connection weights, and uses the operations of linguistic arithmetic to update those connection weights. The GNN has been implemented in a Java-based simulation environment, with support for both regression and classification learning tasks. We present the results of a preliminary experimental comparison between the GNN and the c4.5 decision tree algorithm on two benchmark datasets. Our results show that the GNN was slightly more accurate than c4.5 on both datasets.

Agile Development of Secure Web-Based Applications

This article outlines a four-point strategy for the development of secure Web-based applications within an agile development framework and introduces strategies to mitigate security risks commonly present in Web-based applications. The proposed strategy includes the representation of security requirements as test cases supported by the open source tool FIT, the deployment of a highly testable architecture allowing for security testing of the application at all levels, the outlining of an extensive security testing strategy supported by the open source unit-testing framework HTTPUnit, and the introduction of the novel technique of security refactoring that transforms insecure working code into a functionally equivalent secure code. Today, many Web-based applications are not secure, and limited literature exists concerning the use of agile methods within this domain. It is the intention of this article to further discussions and research regarding the use of an agile methodology for the development of secure Web-based applications.

A Web Service Test Generator

An automated process for generating test inputs for web services from a WSDL is presented. A grammatical representation of the web service is extracted from the WSDL and used to produce test cases. A context-free grammar (CFG) is generated from the XSD that is stored in the WSDL. The CFG is provided as input into a constraint-satisfaction problem solver to automatically generate a diverse set of structurally correct XML documents. Testing data is then inserted into the XML templates in accordance with any constraints specified in the XSD. Web service-specific testing can be performed with the inclusion of external datasets and service-specific configurations.

Agile testing of location based services

Mobile applications are increasingly location-based; i.e. their functionality is becoming both interactive and context-aware. Combined with an overall increase in the complexity of the devices delivering such services, and a growth in the number of possible networks that they can participate in, these systems require more than just the average approach to testing. The principles and practices of agile testing may serve development teams well here; since the systems ultimately end up being developed and deployed in an iterative and evolutionary manner. In this paper, we explore a testing framework for location-based services that can be employed test-first and yet also offers the full range of non-functional tests that these applications require.