Suhaimi Ibrahim

An automated framework for software test oracle

Context: One of the important issues of software testing is to provide an automated test oracle. Test oracles are reliable sources of how the software under test must operate. In particular, they are used to evaluate the actual results that produced by the software. However, in order to generate an automated test oracle, oracle challenges need to be addressed. These challenges are output-domain generation, input domain to output domain mapping, and a comparator to decide on the accuracy of the actual outputs. Objective: This paper proposes an automated test oracle framework to address all of these challenges. Method: I/O Relationship Analysis is used to generate the output domain automatically and Multi-Networks Oracles based on artificial neural networks are introduced to handle the second challenge. The last challenge is addressed using an automated comparator that adjusts the oracle precision by defining the comparison tolerance. The proposed approach was evaluated using an industry strength case study, which was injected with some faults. The quality of the proposed oracle was measured by assessing its accuracy, precision, misclassification error and practicality. Mutation testing was considered to provide the evaluation framework by implementing two different versions of the case study: a Golden Version and a Mutated Version. Furthermore, a comparative study between the existing automated oracles and the proposed one is provided based on which challenges they can automate. Results: Results indicate that the proposed approach automated the oracle generation process 97% in this experiment. Accuracy of the proposed oracle was up to 98.26%, and the oracle detected up to 97.7% of the injected faults. Conclusion: Consequently, the results of the study highlight the practicality of the proposed oracle in addition to the automation it offers.

SQL injection detection and prevention tools assessment

SQL Injection Attacks (SQLIAs) is one of the most serious threats to the security of database driven applications. In fact, it allows an attacker to gain control over the database of an application and consequently, an attacker may be able to alter data. Many surveys have addressed this problem. Also some researchers have proposed different approaches to detect and prevent this vulnerability but they are not successful completely. Moreover, some of these approaches have not implemented yet and users would be confused in choosing an appropriate tool. In this paper we present all SQL injection attack types and also different tools which can detect or prevent these attacks. Finally we assessed addressing all SQL injection attacks type among current tools.

A Comparative Evaluation of State-of-the-Art Approaches for Web Service Composition

In todays Web environment, many enterprises decide to implement and publish their applications on the Internet using Web services technology. In many cases, a single service is not sufficient to fulfill the users request. To solve this problem, services should be combined together. Therefore, composition of Web services is one of the recent critical issues. A number of approaches have been presented, to tackle this problem. In this paper, we categorize these approaches into four categories (workflow-based, AI-planning based, syntactic-based, and semantic-based). Then, we compare these approaches based on some criteria (like QoS, scalability, and correctness). Investigation of that classification will help researchers who are working on service composition to deliver more applicable solutions.

SQL Injection Is Still Alive: A Study on SQL Injection Signature Evasion Techniques

SQL injection is one of the biggest challenges for the web application security. Based on the studies by OWASP, SQL injection has the highest rank in the web based vulnerabilities. In case of a successful SQL injection attack, the attacker can have access to the web application database. With the rapid rise of SQL injection based attacks, researchers start to provide different security solutions to protect web application against them. One of the most common solutions is the using of web application firewalls. Usually these firewalls use signature based technique as the main core for the detection. In this technique the firewall checks each packet against a list of predefined SQL injection attacks known as signatures. The problem with this technique is that, an attacker with a good knowledge of SQL language can change the look of the SQL queries in a way that firewall cannot detect them but still they lead to the same malicious results. In this paper first we described the nature of SQL injection attack, then we analyzed current SQL injection detection evasion techniques and how they can bypass the detection filters, afterward we proposed a combination of solutions which helps to mitigate the risk of SQL injection attack.

A comparative evaluation of semantic web service discovery approaches

Currently, most enterprises deploy their services on the Web. This augments the request for tools to perform discovery, selection, composition and invocation of Web services. Among them, Web service discovery should be considered more important. Along with the growing number of available Web services, there is a need for tools not only to perform discovery, but also to realize them in an efficient and effective manner. A number of approaches to Web service discovery have been proposed. In this paper, we provide a taxonomy which categorizes Web service discovery systems from different points of view. Moreover, current approaches to Semantic Web service discovery are classified and described. In addition, we compare the approaches with respect to some criteria from different aspects of view. The results of this study can help researchers in both academia and industry to implement a new or to select the most appropriate existing approach for Semantic Web service discovery with the aid of different criteria.

Semantic Web Service Discovery and Composition Based on AI Planning and Web Service Modeling Ontology

Web services are the preferred standards-based way to realize service oriented architecture (SOA) computing. A problem that has become one of the recent critical issues is automated composition of Web services. A number of approaches have been proposed to resolve the problem. However, discovery and composition of Web services have been neglected by majority of those approaches. In this paper, we propose an approach called AIMO, based on AI-planning and Web service modeling ontology (WSMO), which are adapted and extended to tackle the mentioned problem. Moreover, we propose a translator to provide interaction between WSMO and AI-planning. We start with presenting the AIMO architecture which shows all components of the proposed approach. Finally, a simple case study is designed to test some components of AIMO. The preliminary results of the test demonstrate that our approach provides an applicable solution.

A comparative evaluation of state-of-the-art web service composition testing approaches

More and more Web based systems are being developed by composing other single or even composite services. This is due to the fact that not all available services are able to satisfy the needs of a user. The process of composing Web services involves discovering the appropriate services, selecting the best services, combining those services together, and finally executing them. Although much research efforts have been dedicated to the discovery, selection, and composition of services, the process of testing the Web service composition has not been given the same attention. This paper discusses the importance of Web services composition testing, provides a classification of the most prominent approaches in that area, presents several criteria for comparison of those approaches, and conducts a comparative evaluation of the approaches. The results of the paper give an essential perspective to do research work on Web services composition testing.

Artificial neural networks as multi-networks automated test oracle

One of the important issues in software testing is to provide an automated test oracle. Test oracles are reliable sources of how the software under test must operate. In particular, they are used to evaluate the actual results produced by the software. However, in order to generate an automated test oracle, it is necessary to map the input domain to the output domain automatically. In this paper, Multi-Networks Oracles based on Artificial Neural Networks are introduced to handle the mapping automatically. They are an enhanced version of previous ANN-Based Oracles. The proposed model was evaluated by a framework provided by mutation testing and applied to test two industry-sized case studies. In particular, a mutated version of each case study was provided and injected with some faults. Then, a fault-free version of it was developed as a Golden Version to evaluate the capability of the proposed oracle finding the injected faults. Meanwhile, the quality of the proposed oracle is measured by assessing its accuracy, precision, misclassification error and recall. Furthermore, the results of the proposed oracle are compared with former ANN-based Oracles. Accuracy of the proposed oracle was up to 98.93%, and the oracle detected up to 98% of the injected faults. The results of the study show the proposed oracle has better quality and applicability than the previous model.

Testing Web Services Composition: A Mapping Study

E-business systems are known for their frequent changes in business requirements, and traditional software development engineering approaches have difficulties in keeping up with this dynamicity. The use of service oriented architecture in software development has become popular as it provides a solution to frequent changes to business environments in a heterogeneous network. In service oriented architecture, new systems are quickly developed by combining services developed and owned by different organizations, and one way of realising this architecture is via Web services. Although much research effort has been put into the discovery, invocation and composition of services testing Web services has only begun to attract interest from both researchers and industry players. This paper aims to provide a mapping study of current Web services composition testing researches conducted by other researchers. Research papers on testing of Web services composition were gathered from various scholarly databases using provided search engines within a given period of time. The research papers were then classified according to issues addressed by them. The aim is to get a broad overview of the current state of research in Web services composition testing. By looking at the areas focused by existing researchers, gaps and untouched areas of Web services composition testing can be discovered.

Security conscious ai-planning based composition of semantic web services

Purpose – Automated composition of semantic web services has become one of the recent critical issues in todays web environment. Despite the importance of artificial intelligence (AI)‐planning techniques for web service composition, previous works in that area do not address security issues, which is the focus of this paper. The purpose of this paper is to propose an approach to achieve security conscious composition of semantic web services.Design/methodology/approach – The proposed approach called security conscious composition of semantic web services (SCAIMO) is based on the prior work, i.e. AIMO. The AIMO is an effective approach for web service discovery and composition based on AI‐planning, web service modeling ontology (WSMO), and description logic (DL). In this paper, definitions of secure matchmaking and web service composition are formalized based on DLs. Moreover, security capabilities and constraint types in the proposed SCAIMO framework are presented.Findings – This paper proposes a secure ...