Porfirio Tramontana

Using GUI ripping for automated testing of Android applications

We present AndroidRipper, an automated technique that tests Android apps via their Graphical User Interface (GUI). AndroidRipper is based on a user-interface driven ripper that automatically explores the apps GUI with the aim of exercising the application in a structured manner. We evaluate AndroidRipper on an open-source Android app. Our results show that our GUI-based test cases are able to detect severe, previously unknown, faults in the underlying code, and the structured exploration outperforms a random approach.

A GUI Crawling-Based Technique for Android Mobile Application Testing

As mobile applications become more complex, specific development tools and frameworks as well as cost effective testing techniques and tools will be essential to assure the development of secure, high-quality mobile applications. This paper addresses the problem of automatic testing of mobile applications developed for the Google Android platform, and presents a technique for rapid crash testing and regression testing of Android applications. The technique is based on a crawler that automatically builds a model of the application GUI and obtains test cases that can be automatically executed. The technique is supported by a tool for both crawling the application and generating the test cases. In the paper we present an example of using the technique and the tool for testing a real small size Android application that preliminary shows the effectiveness and usability of the proposed testing approach.

A wrapping approach for migrating legacy system interactive functionalities to Service Oriented Architectures

Software systems modernisation using Service Oriented Architectures (SOAs) and Web Services represents a valuable option for extending the lifetime of mission-critical legacy systems. This paper presents a black-box modernisation approach for exposing interactive functionalities of legacy systems as Services. The problem of transforming the original user interface of the system into the request/response interface of a SOA is solved by a wrapper that is able to interact with the system on behalf of the user. The wrapper behaviour is defined in the form of Finite State Machines retrievable by black-box reverse engineering of the human-computer interface. The paper describes our wrapper-based migration process and discusses the results of case studies showing process effectiveness and quality of resulting services.

Reverse engineering web applications: the WARE approach

The rapid, progressive diffusion of Web applications in several productive contexts of our modern society is laying the foundations of a renewed scenario of software development, where one of the emerging problems is that of defining and validating cost-effective approaches for maintaining and evolving these software systems.Due to several factors, the solution to this problem is not straightforward. The heterogeneous and dynamic nature of components making up a Web application, the lack of effective programming mechanisms for implementing basic software engineering principles in it, and undisciplined development processes induced by the high pressure of a very short time-to-market, make Web application maintenance a challenging problem. A relevant issue consists of reusing the methodological and technological experience in the sector of traditional software maintenance, and exploring the opportunity of using reverse engineering to support effective Web application maintenance.This paper presents an approach for defining reverse engineering processes involving Web applications. The approach has been used to implement a process, including reverse engineering methods and a supporting software tool, that helps to understand existing undocumented Web applications to be maintained or evolved, through the reconstruction of UML diagrams. The proposed reverse engineering process has been submitted to a validation experiment, the results of which showed the usability of the process for reverse engineering Web applications with different characteristics, and highlighted possible areas for improvement of its effectiveness. The experiment and the lessons learned from it are presented in the paper.

WARE: a tool for the reverse engineering of Web applications

The development of Web sites and applications is increasing dramatically to satisfy the market requests. The software industry is facing the new demand under the pressure of a very short time-to-market and an extremely high competition. As a result, Web sites and applications are usually developed without a disciplined process: Web applications are directly coded and no, or poor, documentation is produced to support the subsequent maintenance and evolution activities, thus compromising the quality of the applications. This paper presents a tool for reverse engineering Web applications. UML diagrams are used to model a set of views that depict several aspects of a Web application at different abstraction levels. The recovered diagrams ease the comprehension of the application and support its maintenance and evolution. A case study, carried out with the aim of assessing the effectiveness of the proposed tool, allowed relevant information about some real Web applications to be successfully recovered and modeled by UML diagrams.

Migrating interactive legacy systems to Web services

Migration of form based legacy systems towards service-oriented computing is a challenging task, requiring the adaptation of the legacy interface to the interaction paradigm of Web services. In this paper, a wrapping methodology is proposed to make interactive functionalities of legacy systems accessible as Web services. The wrapper that is used for interacting with the legacy system acts as an interpreter of a finite state automaton that describes the model of the interaction between user and legacy system. This model is obtained by black box reverse engineering techniques. A migration process and a software architecture that allow a functionality of a legacy system to be exported as a Web service are presented in the paper

Identifying cross site scripting vulnerabilities in Web applications

Cross site scripting (XSS) is a vulnerability of a Web application that is essentially caused by the failure of the application to check up on user input before returning it to the clients Web browser. Without an adequate validation, user input may include malicious code that may be sent to other clients and unexpectedly executed by their browsers, thus causing a security attack. Techniques to prevent this type of attacks require that all application input must be checked up and filtered, encoded, or validated before sending them to any user. In order to discover the XSS vulnerabilities in a Web application, traditional source code analysis techniques can be exploited. In this paper, in order to assess the XSS vulnerability of a Web application, an approach that combines static and dynamic analysis of the Web application is presented. Static analysis based criteria have been defined to detect potential vulnerabilities in the server pages of a Web application, while a process of dynamic analysis has been proposed in order to detect actual vulnerabilities. Some case studies have been carried out, giving encouraging results.

Comprehending Web applications by a clustering based approach

The number and complexity of Web applications are increasing dramatically to satisfy market needs, and the need of effective approaches for comprehending them is growing accordingly. Recently, reverse engineering methods and tools have been proposed to support the comprehension of a Web application; the information recovered by these tools is usually rendered in graphical representations. However, the graphical representations become progressively less useful with large-scale applications, and do not support adequately the comprehension of the application. To overcome this limitation, we propose an approach based on a clustering method for decomposing a Web application (WA) into groups of functionally related components. The approach is based on the definition of a coupling measure between interconnected components of the WA that takes into account both the typology and topology of the connections. The coupling measure is exploited by a clustering algorithm that produces a hierarchy of clustering. This hierarchy allows a structured approach for comprehension of the Web application to be carried out. The approach has been experimented with medium sized Web applications and produced interesting and encouraging results.

Reverse Engineering Finite State Machines from Rich Internet Applications

In the last years, rich Internet applications (RIAs) have emerged as a new generation of Web applications offering greater usability and interactivity than traditional ones. At the same time, RIAs introduce new issues and challenges in all the Web application lifecycle activities. As an example, a key problem with RIAs consists of defining suitable software models for representing them and validating reverse engineering techniques for obtaining these models effectively.This paper presents a reverse engineering approach for abstracting finite state machines representing the client-side behaviour offered by RIAs. The approach is based on dynamic analysis of the RIA and employs clustering techniques for solving the problem of state explosion of the state machine. A case study illustrated in the paper shows the results of a preliminary experiment where the proposed process has been executed with success for reverse engineering the behaviour of an existing RIA.

Rich Internet Application Testing Using Execution Trace Data

The rapid and growing diffusion of Rich Internet Applications (RIAs) with their enhanced interactivity, responsiveness and dynamicity is sharpening the distance between Web applications and desktop applications, making the Web experience more and more appealing and user-friendly. This paper presents a technique for testing RIAs that generates test cases from application execution traces, and obtains more scalable test suites thanks to testing reduction techniques. Execution traces provide a fast and cheap way for generating test cases and can be obtained either from user sessions, or by crawling the application or by combining both approaches. The proposed technique has been evaluated by a preliminary experiment that investigated the effectiveness of different approaches for execution trace collection and of several criteria for reducing the test suites. The experimental results showed the feasibility of the technique and that its effectiveness can be improved by hybrid approaches that combine both manually and automatically obtained execution traces of the application.