Research

My general research interests are in the areas of software testing, program analysis, software security . For a complete list of my publications, see my publications page.

Ongoing Research

Ongoing research projects are in the areas of rich internet application testing, security testing and formal verification.

Prior Research

As web applications evolve and their usage increases, their complexity also increases thus creating a great demand for techniques and tools to ensure well-tested reliable applications. Low reliability can result in serious, detrimental effects for business, government, and consumers, as they have become increasingly dependent on the Internet for routine daily operations.

Currently, I am interested in studying the challenges that arise during regression testing and maintenance of web applications. I am also interested in investigating strategies for efficient and effective test case generation for web applications.

In the domain of test case prioritization, we study event-driven software, such as GUIs and web systems to determine the kinds of prioritization criteria that can be applied to them to enable effective regression testing. The criteria we develop are black-box criteria, in that they do not require executing the code, instead they are based on test case characteristics. Our studies have shown that combinatorial-based criteria and certain count-based criteria create effective test orders. See more in our publications: ICST'08, TSE'11, IJSAEM'11.

Another problem that we study is in the area of automatic test case generation for web systems. In previous work, we have used user-sessions, which is usage log data that is converted into test cases to regression test the system. In recent work, we build a navigation graph of the web application using combinatorial methods. The graph handles the page explosion problem that exists in dynamic web applications by abstraction and combining parameters in a combinatorial manner. In the future, we plan to use the navigation graph for test case generation. See more in our publications: HASE'08, ICSM'09.

We are also working on developing a tool for prioritizing user-session-based test cases of web systems. The tool, CPUT, works with Apache web server to log usage/execution data and convert the data into test cases. The test cases are stored in an XML format. The test cases can be prioritized by applying one of several prioritization criteria. If you are interested in obtaining a copy of CPUT to test your web application, send me an email! See more in our publications: ICSM'11. Also see slides from a talk I gave at Verify/ATI 2011 and ICSM 2011 on CPUT. CPUT is described in detail here. Email me if you are interested in getting the latest version of CPUT.

Drop me an email or stop by my office if you are interested in any of these topics!

Ph.D. Research

In my Ph.D. research, I investigated scalable approaches to user-session-based testing of web applications. Scalable approaches are required for practical user-session-based testing of web applications due to the large number of sessions often associated with a frequently used web application. We viewed user sessions as test cases, where a user session is a sequence of base user URL requests and name-value pairs (e.g., form field names and values) recorded at the server-end of the web application. User sessions can be considered as use cases of the application.
(Overview of User-session-based Web Application Testing Research (pdf))

To address the problem of scalability during testing, we applied a mathematical technique called concept analysis to cluster user sessions (test cases) based on the attributes of the test cases, such as base requests, parameter names, sequences of requests, etc. We then applied a heuristic to select a subset of test cases from the clustered test cases. The heuristic selects a subset of test cases that satisfy a certain requirement. An example requirement can be the selected subset of test cases should cover all the base requests covered by the original suite. To enable incremental update of the test suite as the operational profile of the web application changes we proposed an algorithm based on incremental concept analysis. The subject programs we use in our experiments are primarily written in Java/JSP with a HTML front-end and a MySQL/PostGreSQL/files data store as the back-end; however our techniques can be extended to programs written in other web-based languages. Our experimental results indicate that concept analysis-based reduction reduces the test suite by 70 - 80% (for base requests requirement) while maintaining the program coverage and fault detection capabilities of the original suite of user sessions.