The talk will begin with a review of general testing concepts, such as white-box and black-box testing, different realizations of oracles (including a formal behavior specification), fault models and fault coverage issues, and testing architectures. This will set the framework for the following discussion which has two parts: (a) a discussion of the history of the ICTSS conference and the issues discussed during the early times since around 1985, and (b) an overview of two ongoing research projects: (1) on testing implementations against partial-order specifications, and (2) on reverse engineering of Rich Internet Applications for vulnerability testing. The first ICTSS conference was held in Vancouver (Canada) in 1988 and was called International Workshop on Protocol Test Systems. The main question discussed at that time was how to test a protocol implementation to ensure that it satisfies all requirements of a given protocol specification (a form of black-box testing). The main issues were the modeling language used for the specification, fault models, and algorithms for obtaining test suites with given fault coverage. At the same time, standardization committees of ISO and ITU developed guidelines for architectures for protocol testing and a language (TTCN) for specifying test cases. Later, the scope of ICTSS was broadened to cover the testing of many other kinds of software systems. In the second part of the talk, we will first discuss issues that arise in testing systems against a behavior specification that defines a partial order for the interactions of the implementation. Different partial-order specification languages will be considered. Then another ongoing research project on crawling Rich Internet Applications (RIAs) is discussed. Through the testing of a given implementation, a model of the RIA is developed (this is a kind of black-box testing, but without a reference specification). The purpose here is to obtain a "complete" model of the application such that each state (i.e. each page at the user interface) of the application can be subsequently checked for security vulnerabilities or accessibility requirements. Since the state space of these applications is usually huge, we propose (a) different algorithms for obtaining the most important information relatively fast, (b) concurrent exploration by multiple crawlers, and (c) some methods for avoiding the exploration of "equivalent" and "redundant" states.
展开▼
机译:演讲将首先回顾一般的测试概念,例如白盒和黑盒测试,oracle的不同实现(包括正式的行为规范),故障模型和故障覆盖问题以及测试体系结构。这将为以下讨论奠定框架,该讨论分为两部分:(a)讨论ICTSS会议的历史以及自1985年左右以来早期讨论的问题,以及(b)正在进行的两个研究项目的概述: (1)关于针对部分顺序规范的测试实现,以及(2)关于针对漏洞测试的Rich Internet Applications的反向工程。第一次ICTSS会议于1988年在加拿大温哥华举行,被称为协议测试系统国际研讨会。当时讨论的主要问题是如何测试协议实现,以确保它满足给定协议规范的所有要求(黑盒测试的一种形式)。主要问题是用于规范的建模语言,故障模型以及用于获得具有给定故障覆盖率的测试套件的算法。同时,ISO和ITU的标准化委员会制定了协议测试体系结构指南和用于指定测试用例的语言(TTCN)。后来,ICTSS的范围扩大到涵盖许多其他种类的软件系统的测试。在演讲的第二部分中,我们将首先讨论针对行为规范测试系统中出现的问题,行为规范定义了实现交互的部分顺序。将考虑不同的偏序规范语言。然后,讨论了另一个正在进行的有关富Internet应用程序(RIA)爬网的研究项目。通过测试给定的实现,开发了RIA模型(这是一种黑盒测试,但没有参考规范)。此处的目的是获得应用程序的“完整”模型,以便可以随后检查应用程序的每个状态(即用户界面上的每个页面)是否存在安全漏洞或可访问性要求。由于这些应用程序的状态空间通常很大,因此我们提出(a)相对较快地获取最重要信息的不同算法,(b)多个搜寻器并发探索,以及(c)避免探索“等效”探索的一些方法和“冗余”状态。
展开▼
