My general research interests are in the areas of software testing, program
analysis, and software security.
For a complete list of my publications, see my publications page.
Ongoing research projects are in the areas of rich internet application testing, security testing and
As web applications evolve and their usage increases, their complexity
also increases, creating a great demand for techniques and tools
to ensure well-tested, reliable applications.
Low reliability can result in serious, detrimental effects
for business, government, and consumers, as they have become
increasingly dependent on the Internet for routine daily operations.
Currently, I am interested in studying the challenges
that arise during regression testing and maintenance of web applications.
I am also interested in investigating strategies for efficient and
effective test case generation for web applications.
In the domain of test case prioritization, we study event-driven
software, such as GUIs and web systems, to determine the kinds of
prioritization criteria that can be applied to them
to enable effective regression testing. The criteria we
develop are black-box criteria, in that they
do not require executing the code; instead, they are based on test case
characteristics. Our studies have shown that combinatorial-based criteria
and certain count-based criteria create effective test orders. See more in
our publications: ICST'08,
Another problem that we study is in the area of automatic
test case generation for web systems. In previous work, we have
used user sessions, which are usage log data converted into test cases
to regression test the system. In recent work, we build a navigation
graph of the web application using combinatorial methods. The graph
handles the page explosion problem that exists in dynamic web applications by
abstraction and by combining parameters in a combinatorial manner. In the future, we
plan to use the navigation graph for test case generation. See more
in our publications: HASE'08,
We are also working on developing a tool for prioritizing user-session-based
test cases of web systems. The tool, CPUT, works with the Apache web server to
log usage/execution data and convert the data into test cases. The test cases
are stored in an XML format. The test cases can be prioritized by applying
one of several prioritization criteria. If you are interested in obtaining a copy
of CPUT to test your web application, send me an email!
See more in our publications: ICSM'11.
Also see slides from a talk
I gave at Verify/ATI 2011 and
ICSM 2011 on CPUT.
CPUT is described in detail here.
Email me if you are interested in getting the latest version of CPUT.
Drop me an email or stop by my office if you are interested in any of these
In my Ph.D. research, I investigated scalable approaches to
user-session-based testing of web applications.
Scalable approaches are required for practical user-session-based
testing of web applications due to the large number of sessions
often associated with a frequently used web application.
We viewed user sessions
as test cases,
where a user session is a sequence of base user
URL requests and name-value pairs (e.g., form field names and values)
recorded at the server end of the web application.
User sessions can be considered as use cases
of the application.
(Overview of User-session-based Web Application Testing Research (pdf))
To address the problem of scalability during testing, we applied
a mathematical technique called concept analysis to cluster
user sessions (test cases) based on the attributes of the test cases, such as base requests, parameter names, sequences of requests, etc. We then
applied a heuristic to select a subset of test cases
from the clustered test cases. The heuristic selects a
subset of test cases that satisfy a certain requirement.
An example requirement is that the selected subset of test cases should cover all the base requests covered by the original suite. To enable incremental update of the test suite
as the operational profile of the web application changes, we proposed an algorithm based on
incremental concept analysis.
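The clustering and selection step described above, as an added Python example (not the author's code or tool). The session data is constructed, and the selection rule used here, one session from each smallest non-empty cluster, is an assumed heuristic chosen because it satisfies the base-request coverage requirement; all function names are hypothetical.

```python
# Constructed sample: session id -> base requests seen in that session.
SESSIONS = {
    "s1": {"/login", "/search"},
    "s2": {"/login", "/search", "/cart"},
    "s3": {"/login", "/search", "/cart", "/checkout"},
    "s4": {"/login", "/register"},
    "s5": {"/login"},
    "s6": {"/login", "/search", "/cart"},
}


def concepts(sessions):
    """Return every formal concept as an (extent, intent) pair.

    intent = a set of base requests; extent = all sessions containing them.
    Concept intents are the full request set plus every intersection of
    session request sets, so we close that family under intersection.
    """
    all_requests = frozenset().union(*sessions.values())
    intents = {all_requests}
    for reqs in sessions.values():
        intents |= {frozenset(reqs) & i for i in intents}
    return [
        (frozenset(s for s, reqs in sessions.items() if i <= reqs), i)
        for i in intents
    ]


def reduce_suite(sessions):
    """Pick one session from each minimal non-empty cluster (assumed heuristic).

    Every session's cluster sits above some minimal cluster, whose members
    contain all of that session's requests, so coverage is preserved.
    """
    extents = {extent for extent, _ in concepts(sessions) if extent}
    minimal = [e for e in extents if not any(other < e for other in extents)]
    return sorted(min(e) for e in minimal)  # min() makes the choice deterministic


def covered(sessions, chosen):
    """Base requests exercised by the chosen sessions."""
    return set().union(*(sessions[s] for s in chosen))


if __name__ == "__main__":
    kept = reduce_suite(SESSIONS)
    print("kept", kept, "of", len(SESSIONS), "sessions")
    print("coverage preserved:", covered(SESSIONS, kept) == covered(SESSIONS, SESSIONS))
```
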
The subject programs we use in our experiments are primarily
written in Java/JSP with an HTML front-end and a MySQL/PostgreSQL/files data store
as the back-end; however, our techniques can be
extended to programs written in other web-based languages.
Our experimental results indicate that
concept analysis-based reduction reduces the
test suite by 70-80% (for the base requests requirement) while maintaining the
program coverage and fault detection capabilities of the original
suite of user sessions.