As web applications become more complex, automated techniques for their testing and verification have become essential. Many of these techniques, such as ones for identifying security vulnerabilities, require information about a web application's control flow. Currently, this information is manually specified or automatically generated using techniques that cannot give strong guarantees of completeness. This paper presents a new static analysis based approach for identifying control flow in web applications that is both automated and provides stronger guarantees of completeness. The empirical evaluation of the approach shows that it is able to identify more complete control flow information than other approaches with comparable analysis run time.
展开▼