SlideShare une entreprise Scribd logo

ArtForm - Dynamic analysis of JavaScript validation in web forms - Poster

DBOnto
DBOnto

ArtForm - Dynamic analysis of JavaScript validation in web forms - Poster

Technologie
1  sur  1
Télécharger pour lire hors ligne
ArtForm Dynamic analysis of JavaScript validation in web forms Ben Spencer, supervised by Michael Benedikt and Franck van Breugel In collaboration with Casper Svenning Jensen and Anders Møller Form Understanding When crawling the web, data is often hidden behind forms with validation constraints. We aim to analyse JavaScript code attached to forms and infer their integrity constraints, retrieve or model the hidden data, and improve the efficiency of searching or data-extraction tools.  Dynamic features of JavaScript and real-world code make static analysis difficult.  We use concolic analysis and perform a symbolic execution driven by concrete runs.  ArtForm is built on Artemis1, a tool for automated testing of JavaScript applications. Concolic Analysis Example function validate() { x = document.getElementById("name").value; y = document.getElementById("age").value; if (x.length < 3) { alert("Error!"); return false; } else { if (parseInt(y, 10) >= 18) { return true; } else { alert("Error!"); return false; } } } Run x y Conditions Valid Next Goal 1 '' '' len(x) < 3 No len(x) >= 3 'Smith' len(x) >= 3 int(y) < 18 2 No len(x) >= 3 int(y) >= 18 'John' 3 '30' len(x) >= 3 int(y) >= 18 'John' Yes Finished validate() len(x) < 3 int(y) >= 18 False True False True x = John y = 30 x = '' y = '' x = John y = Smith ArtForm Architecture Instrumented WebKit Browser  Controls all code execution and events.  Allows access to the DOM implementation and page information. Symbolic Interpreter  Tracks both concrete and symbolic values.  Form inputs are initially symbolic variables and symbolic information is propagated as they are used.  Records the path taken and the symbolic branches observed. Trace Classifier  Decides whether a trace was a successful submission or not.  Based on alerts, changes to the DOM and page loads. Path Tree  Stores information about the previous runs. Search Procedure  Chooses the next path to explore.  We are Investigating good search strate-gies to find interesting parts of the tree more quickly. Interface Analyser  Chooses the entry-point.  Could be buttons, links, images or inputs and forms may cover the entire page.  ArtForm uses DIADEM2 for page analysis. Test Driver  Loads the test page with no saved state.  Injects the given inputs into the form.  Simulates real click on submit button. Constraint Solver  Solves the path constraint to generate the next input values to test.  Translates our internal constraints to input for a third-party solver.  ArtForm uses CVC43. Artemis WebKit Browser Concrete Interpreter Symbolic Interpreter Search Procedure Test Driver Constraint Solver Path Tree Trace Classifier Interface Analyser Web Form Example URL: www.underwoods.co.uk/search.cfm Branches: 629 Success: 248 Failure: 164 Constraints: 692 Traces: 412 Unsatisfiable: 280 Issues  Event handlers  Each field has its own validation func-tion and may depend on other fields.  Triggering them in-order is a useful guess, but may miss some information.  Checking dependence between the handlers is difficult.  Testing all orderings is not feasible.  Values may be tested before injection.  Forms may be updated dynamically.  Select boxes and radio buttons have implied constraints found in the DOM.  JavaScript’s coercion semantics and NaN are difficult to model and solve.  Some constraint types are not supported by the solver or our translation.  JavaScript minification and obfuscation.  Long loops and repeated code. Future Work  Continue testing on real-world sites to identify common patterns which we do not handle well.  Track event handler dependencies and use partial order methods to choose appropriate orderings to test.  Use heuristics or static analysis to target the search and speed up exploration of the most interesting parts of the trees.  Work on converting the trees to useful descriptions of the constraints.  Infer higher-level constraints such as set containment which are not shown direct-ly in our traces.  New features for our translator and the solver, for example more complex regular expression tests or string inequalities. ArtForm is available at github.com/cs-au-dk/Artemis [1] brics.dk/artemis/ [2] diadem.cs.ox.ac.uk [3] cvc4.cs.nyu.edu/web/

Recommandé

Static analysis by tools
Static analysis by toolsStatic analysis by tools
Static analysis by toolswiny setya ningrum
 
Software Testing Techniques
Software Testing TechniquesSoftware Testing Techniques
Software Testing TechniquesKiran Kumar
 
Advanced web application architecture - PHP Barcelona
Advanced web application architecture - PHP BarcelonaAdvanced web application architecture - PHP Barcelona
Advanced web application architecture - PHP BarcelonaMatthias Noback
 
Software Quality Testing
Software Quality TestingSoftware Quality Testing
Software Quality TestingKiran Kumar
 
Black Box Testing
Black Box TestingBlack Box Testing
Black Box TestingMustafa Sherazi
 
Layers, ports and adapters
Layers, ports and adaptersLayers, ports and adapters
Layers, ports and adaptersMatthias Noback
 
Software Testing Techniques
Software Testing TechniquesSoftware Testing Techniques
Software Testing TechniquesKiran Kumar
 
Input Space Partitioning
Input Space PartitioningInput Space Partitioning
Input Space PartitioningRiyad Parvez
 

Recommandé

Static analysis by tools
Static analysis by toolsStatic analysis by tools
Static analysis by toolswiny setya ningrum
 
Software Testing Techniques
Software Testing TechniquesSoftware Testing Techniques
Software Testing TechniquesKiran Kumar
 
Advanced web application architecture - PHP Barcelona
Advanced web application architecture - PHP BarcelonaAdvanced web application architecture - PHP Barcelona
Advanced web application architecture - PHP BarcelonaMatthias Noback
 
Software Quality Testing
Software Quality TestingSoftware Quality Testing
Software Quality TestingKiran Kumar
 
Black Box Testing
Black Box TestingBlack Box Testing
Black Box TestingMustafa Sherazi
 
Layers, ports and adapters
Layers, ports and adaptersLayers, ports and adapters
Layers, ports and adaptersMatthias Noback
 
Software Testing Techniques
Software Testing TechniquesSoftware Testing Techniques
Software Testing TechniquesKiran Kumar
 
Input Space Partitioning
Input Space PartitioningInput Space Partitioning
Input Space PartitioningRiyad Parvez
 
Black box Testing by Laraib
Black box Testing by Laraib Black box Testing by Laraib
Black box Testing by Laraib laraibalvi1
 
SOLID Principles and The Clean Architecture
SOLID Principles and The Clean ArchitectureSOLID Principles and The Clean Architecture
SOLID Principles and The Clean ArchitectureMohamed Galal
 
Black box testing
Black box testingBlack box testing
Black box testingNakul Sharma
 
Coding and testing In Software Engineering
Coding and testing In Software EngineeringCoding and testing In Software Engineering
Coding and testing In Software EngineeringSatya Bhushan Verma
 
Test design techniques
Test design techniquesTest design techniques
Test design techniquesGregory Solovey
 
Record matching over multiple query result - Document
Record matching over multiple query result - DocumentRecord matching over multiple query result - Document
Record matching over multiple query result - DocumentNishna Ma
 
Dynamic analysis in Software Testing
Dynamic analysis in Software TestingDynamic analysis in Software Testing
Dynamic analysis in Software TestingSagar Pednekar
 
Module 3 Object Oriented Data Models Object Oriented notations
Module 3 Object Oriented Data Models Object Oriented notationsModule 3 Object Oriented Data Models Object Oriented notations
Module 3 Object Oriented Data Models Object Oriented notationsTaher Barodawala
 
20100810
2010081020100810
20100810guanqoo
 
PDQ Poster
PDQ PosterPDQ Poster
PDQ PosterDBOnto
 
PDQ: Proof-driven Querying presentation
PDQ: Proof-driven Querying presentationPDQ: Proof-driven Querying presentation
PDQ: Proof-driven Querying presentationDBOnto
 
Welcome by Ian Horrocks
Welcome by Ian HorrocksWelcome by Ian Horrocks
Welcome by Ian HorrocksDBOnto
 
RDFox Poster
RDFox PosterRDFox Poster
RDFox PosterDBOnto
 
Sem facet paper
Sem facet paperSem facet paper
Sem facet paperDBOnto
 
Optique - poster
Optique - posterOptique - poster
Optique - posterDBOnto
 
PAGOdA poster
PAGOdA posterPAGOdA poster
PAGOdA posterDBOnto
 
SemFacet paper
SemFacet paperSemFacet paper
SemFacet paperDBOnto
 
PAGOdA paper
PAGOdA paperPAGOdA paper
PAGOdA paperDBOnto
 
Aggregating Semantic Annotators Paper
Aggregating Semantic Annotators PaperAggregating Semantic Annotators Paper
Aggregating Semantic Annotators PaperDBOnto
 
Parallel Materialisation of Datalog Programs in Centralised, Main-Memory RDF ...
Parallel Materialisation of Datalog Programs in Centralised, Main-Memory RDF ...Parallel Materialisation of Datalog Programs in Centralised, Main-Memory RDF ...
Parallel Materialisation of Datalog Programs in Centralised, Main-Memory RDF ...DBOnto
 
Query Distributed RDF Graphs: The Effects of Partitioning Paper
Query Distributed RDF Graphs: The Effects of Partitioning PaperQuery Distributed RDF Graphs: The Effects of Partitioning Paper
Query Distributed RDF Graphs: The Effects of Partitioning PaperDBOnto
 
Semantic Faceted Search with SemFacet presentation
Semantic Faceted Search with SemFacet presentationSemantic Faceted Search with SemFacet presentation
Semantic Faceted Search with SemFacet presentationDBOnto
 

Contenu connexe

Tendances

Black box Testing by Laraib
Black box Testing by Laraib Black box Testing by Laraib
Black box Testing by Laraib laraibalvi1
 
SOLID Principles and The Clean Architecture
SOLID Principles and The Clean ArchitectureSOLID Principles and The Clean Architecture
SOLID Principles and The Clean ArchitectureMohamed Galal
 
Coding and testing In Software Engineering
Coding and testing In Software EngineeringCoding and testing In Software Engineering
Coding and testing In Software EngineeringSatya Bhushan Verma
 
Record matching over multiple query result - Document
Record matching over multiple query result - DocumentRecord matching over multiple query result - Document
Record matching over multiple query result - DocumentNishna Ma
 
Dynamic analysis in Software Testing
Dynamic analysis in Software TestingDynamic analysis in Software Testing
Dynamic analysis in Software TestingSagar Pednekar
 
Module 3 Object Oriented Data Models Object Oriented notations
Module 3 Object Oriented Data Models Object Oriented notationsModule 3 Object Oriented Data Models Object Oriented notations
Module 3 Object Oriented Data Models Object Oriented notationsTaher Barodawala
 
20100810
2010081020100810
20100810guanqoo
 

Tendances (9)

Black box Testing by Laraib
Black box Testing by Laraib Black box Testing by Laraib
Black box Testing by Laraib
 
SOLID Principles and The Clean Architecture
SOLID Principles and The Clean ArchitectureSOLID Principles and The Clean Architecture
SOLID Principles and The Clean Architecture
 
Black box testing
Black box testingBlack box testing
Black box testing
 
Coding and testing In Software Engineering
Coding and testing In Software EngineeringCoding and testing In Software Engineering
Coding and testing In Software Engineering
 
Test design techniques
Test design techniquesTest design techniques
Test design techniques
 
Record matching over multiple query result - Document
Record matching over multiple query result - DocumentRecord matching over multiple query result - Document
Record matching over multiple query result - Document
 
Dynamic analysis in Software Testing
Dynamic analysis in Software TestingDynamic analysis in Software Testing
Dynamic analysis in Software Testing
 
Module 3 Object Oriented Data Models Object Oriented notations
Module 3 Object Oriented Data Models Object Oriented notationsModule 3 Object Oriented Data Models Object Oriented notations
Module 3 Object Oriented Data Models Object Oriented notations
 
20100810
2010081020100810
20100810
 

En vedette

PDQ Poster
PDQ PosterPDQ Poster
PDQ PosterDBOnto
 
PDQ: Proof-driven Querying presentation
PDQ: Proof-driven Querying presentationPDQ: Proof-driven Querying presentation
PDQ: Proof-driven Querying presentationDBOnto
 
Welcome by Ian Horrocks
Welcome by Ian HorrocksWelcome by Ian Horrocks
Welcome by Ian HorrocksDBOnto
 
RDFox Poster
RDFox PosterRDFox Poster
RDFox PosterDBOnto
 
Sem facet paper
Sem facet paperSem facet paper
Sem facet paperDBOnto
 
Optique - poster
Optique - posterOptique - poster
Optique - posterDBOnto
 
PAGOdA poster
PAGOdA posterPAGOdA poster
PAGOdA posterDBOnto
 
SemFacet paper
SemFacet paperSemFacet paper
SemFacet paperDBOnto
 
PAGOdA paper
PAGOdA paperPAGOdA paper
PAGOdA paperDBOnto
 
Aggregating Semantic Annotators Paper
Aggregating Semantic Annotators PaperAggregating Semantic Annotators Paper
Aggregating Semantic Annotators PaperDBOnto
 
Parallel Materialisation of Datalog Programs in Centralised, Main-Memory RDF ...
Parallel Materialisation of Datalog Programs in Centralised, Main-Memory RDF ...Parallel Materialisation of Datalog Programs in Centralised, Main-Memory RDF ...
Parallel Materialisation of Datalog Programs in Centralised, Main-Memory RDF ...DBOnto
 
Query Distributed RDF Graphs: The Effects of Partitioning Paper
Query Distributed RDF Graphs: The Effects of Partitioning PaperQuery Distributed RDF Graphs: The Effects of Partitioning Paper
Query Distributed RDF Graphs: The Effects of Partitioning PaperDBOnto
 
Semantic Faceted Search with SemFacet presentation
Semantic Faceted Search with SemFacet presentationSemantic Faceted Search with SemFacet presentation
Semantic Faceted Search with SemFacet presentationDBOnto
 
Optique presentation
Optique presentationOptique presentation
Optique presentationDBOnto
 
ROSeAnn Presentation
ROSeAnn PresentationROSeAnn Presentation
ROSeAnn PresentationDBOnto
 
SemFacet Poster
SemFacet PosterSemFacet Poster
SemFacet PosterDBOnto
 
Diadem DBOnto Kick Off meeting
Diadem DBOnto Kick Off meetingDiadem DBOnto Kick Off meeting
Diadem DBOnto Kick Off meetingDBOnto
 
PAGOdA Presentation
PAGOdA PresentationPAGOdA Presentation
PAGOdA PresentationDBOnto
 
Overview of Dan Olteanu's Research presentation
Overview of Dan Olteanu's Research presentationOverview of Dan Olteanu's Research presentation
Overview of Dan Olteanu's Research presentationDBOnto
 
DIADEM: domain-centric intelligent automated data extraction methodology Pres...
DIADEM: domain-centric intelligent automated data extraction methodology Pres...DIADEM: domain-centric intelligent automated data extraction methodology Pres...
DIADEM: domain-centric intelligent automated data extraction methodology Pres...DBOnto
 

En vedette (20)

PDQ Poster
PDQ PosterPDQ Poster
PDQ Poster
 
PDQ: Proof-driven Querying presentation
PDQ: Proof-driven Querying presentationPDQ: Proof-driven Querying presentation
PDQ: Proof-driven Querying presentation
 
Welcome by Ian Horrocks
Welcome by Ian HorrocksWelcome by Ian Horrocks
Welcome by Ian Horrocks
 
RDFox Poster
RDFox PosterRDFox Poster
RDFox Poster
 
Sem facet paper
Sem facet paperSem facet paper
Sem facet paper
 
Optique - poster
Optique - posterOptique - poster
Optique - poster
 
PAGOdA poster
PAGOdA posterPAGOdA poster
PAGOdA poster
 
SemFacet paper
SemFacet paperSemFacet paper
SemFacet paper
 
PAGOdA paper
PAGOdA paperPAGOdA paper
PAGOdA paper
 
Aggregating Semantic Annotators Paper
Aggregating Semantic Annotators PaperAggregating Semantic Annotators Paper
Aggregating Semantic Annotators Paper
 
Parallel Materialisation of Datalog Programs in Centralised, Main-Memory RDF ...
Parallel Materialisation of Datalog Programs in Centralised, Main-Memory RDF ...Parallel Materialisation of Datalog Programs in Centralised, Main-Memory RDF ...
Parallel Materialisation of Datalog Programs in Centralised, Main-Memory RDF ...
 
Query Distributed RDF Graphs: The Effects of Partitioning Paper
Query Distributed RDF Graphs: The Effects of Partitioning PaperQuery Distributed RDF Graphs: The Effects of Partitioning Paper
Query Distributed RDF Graphs: The Effects of Partitioning Paper
 
Semantic Faceted Search with SemFacet presentation
Semantic Faceted Search with SemFacet presentationSemantic Faceted Search with SemFacet presentation
Semantic Faceted Search with SemFacet presentation
 
Optique presentation
Optique presentationOptique presentation
Optique presentation
 
ROSeAnn Presentation
ROSeAnn PresentationROSeAnn Presentation
ROSeAnn Presentation
 
SemFacet Poster
SemFacet PosterSemFacet Poster
SemFacet Poster
 
Diadem DBOnto Kick Off meeting
Diadem DBOnto Kick Off meetingDiadem DBOnto Kick Off meeting
Diadem DBOnto Kick Off meeting
 
PAGOdA Presentation
PAGOdA PresentationPAGOdA Presentation
PAGOdA Presentation
 
Overview of Dan Olteanu's Research presentation
Overview of Dan Olteanu's Research presentationOverview of Dan Olteanu's Research presentation
Overview of Dan Olteanu's Research presentation
 
DIADEM: domain-centric intelligent automated data extraction methodology Pres...
DIADEM: domain-centric intelligent automated data extraction methodology Pres...DIADEM: domain-centric intelligent automated data extraction methodology Pres...
DIADEM: domain-centric intelligent automated data extraction methodology Pres...
 

Similaire à ArtForm - Dynamic analysis of JavaScript validation in web forms - Poster

Selenium Testing Training in Bangalore
Selenium Testing Training in BangaloreSelenium Testing Training in Bangalore
Selenium Testing Training in Bangalorerajkamal560066
 
Angular js meetup
Angular js meetupAngular js meetup
Angular js meetupAnton Kropp
 
WPF Windows Presentation Foundation A detailed overview Version1.2
WPF Windows Presentation Foundation A detailed overview Version1.2WPF Windows Presentation Foundation A detailed overview Version1.2
WPF Windows Presentation Foundation A detailed overview Version1.2Shahzad
 
PranathiSadhulaAutomationTester
PranathiSadhulaAutomationTesterPranathiSadhulaAutomationTester
PranathiSadhulaAutomationTesterPranathi Sadhula
 
Experiments on Design Pattern Discovery
Experiments on Design Pattern DiscoveryExperiments on Design Pattern Discovery
Experiments on Design Pattern DiscoveryTim Menzies
 
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Engineering Software Lab
 
Web Engineering - Web Application Testing
Web Engineering - Web Application TestingWeb Engineering - Web Application Testing
Web Engineering - Web Application TestingNosheen Qamar
 
Qtp interview questions
Qtp interview questionsQtp interview questions
Qtp interview questionsRamu Palanki
 
Qtp interview questions
Qtp interview questionsQtp interview questions
Qtp interview questionsRamu Palanki
 
Scalable constrained spectral clustering
Scalable constrained spectral clusteringScalable constrained spectral clustering
Scalable constrained spectral clusteringNishanth Harapanahalli
 
Information Extraction from HTML: General Machine Learning ...
Information Extraction from HTML: General Machine Learning ...Information Extraction from HTML: General Machine Learning ...
Information Extraction from HTML: General Machine Learning ...butest
 
Testing Experience - Evolution of Test Automation Frameworks
Testing Experience - Evolution of Test Automation FrameworksTesting Experience - Evolution of Test Automation Frameworks
Testing Experience - Evolution of Test Automation FrameworksŁukasz Morawski
 
Query optimization to improve performance of the code execution
Query optimization to improve performance of the code executionQuery optimization to improve performance of the code execution
Query optimization to improve performance of the code executionAlexander Decker
 
11.query optimization to improve performance of the code execution
11.query optimization to improve performance of the code execution11.query optimization to improve performance of the code execution
11.query optimization to improve performance of the code executionAlexander Decker
 
Selenium RC: Automated Testing of Modern Web Applications
Selenium RC: Automated Testing of Modern Web ApplicationsSelenium RC: Automated Testing of Modern Web Applications
Selenium RC: Automated Testing of Modern Web Applicationsqooxdoo
 
NEr using N-Gram techniqueppt
NEr using N-Gram techniquepptNEr using N-Gram techniqueppt
NEr using N-Gram techniquepptGyandeep Kansal
 

Similaire à ArtForm - Dynamic analysis of JavaScript validation in web forms - Poster (20)

IJET-V3I2P2
IJET-V3I2P2IJET-V3I2P2
IJET-V3I2P2
 
Selenium Testing Training in Bangalore
Selenium Testing Training in BangaloreSelenium Testing Training in Bangalore
Selenium Testing Training in Bangalore
 
Angular js meetup
Angular js meetupAngular js meetup
Angular js meetup
 
WPF Windows Presentation Foundation A detailed overview Version1.2
WPF Windows Presentation Foundation A detailed overview Version1.2WPF Windows Presentation Foundation A detailed overview Version1.2
WPF Windows Presentation Foundation A detailed overview Version1.2
 
PranathiSadhulaAutomationTester
PranathiSadhulaAutomationTesterPranathiSadhulaAutomationTester
PranathiSadhulaAutomationTester
 
Experiments on Design Pattern Discovery
Experiments on Design Pattern DiscoveryExperiments on Design Pattern Discovery
Experiments on Design Pattern Discovery
 
Two Layered HMMs for Search Interface Segmentation
Two Layered HMMs for Search Interface SegmentationTwo Layered HMMs for Search Interface Segmentation
Two Layered HMMs for Search Interface Segmentation
 
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
 
Lift Framework
Lift FrameworkLift Framework
Lift Framework
 
Web Engineering - Web Application Testing
Web Engineering - Web Application TestingWeb Engineering - Web Application Testing
Web Engineering - Web Application Testing
 
Qtp interview questions
Qtp interview questionsQtp interview questions
Qtp interview questions
 
Qtp interview questions
Qtp interview questionsQtp interview questions
Qtp interview questions
 
Scalable constrained spectral clustering
Scalable constrained spectral clusteringScalable constrained spectral clustering
Scalable constrained spectral clustering
 
Information Extraction from HTML: General Machine Learning ...
Information Extraction from HTML: General Machine Learning ...Information Extraction from HTML: General Machine Learning ...
Information Extraction from HTML: General Machine Learning ...
 
Testing Experience - Evolution of Test Automation Frameworks
Testing Experience - Evolution of Test Automation FrameworksTesting Experience - Evolution of Test Automation Frameworks
Testing Experience - Evolution of Test Automation Frameworks
 
Query optimization to improve performance of the code execution
Query optimization to improve performance of the code executionQuery optimization to improve performance of the code execution
Query optimization to improve performance of the code execution
 
11.query optimization to improve performance of the code execution
11.query optimization to improve performance of the code execution11.query optimization to improve performance of the code execution
11.query optimization to improve performance of the code execution
 
Selenium RC: Automated Testing of Modern Web Applications
Selenium RC: Automated Testing of Modern Web ApplicationsSelenium RC: Automated Testing of Modern Web Applications
Selenium RC: Automated Testing of Modern Web Applications
 
NEr using N-Gram techniqueppt
NEr using N-Gram techniquepptNEr using N-Gram techniqueppt
NEr using N-Gram techniqueppt
 
Final ppt
Final pptFinal ppt
Final ppt
 

Dernier

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Dernier (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

ArtForm - Dynamic analysis of JavaScript validation in web forms - Poster

  • 1. ArtForm Dynamic analysis of JavaScript validation in web forms Ben Spencer, supervised by Michael Benedikt and Franck van Breugel In collaboration with Casper Svenning Jensen and Anders Møller Form Understanding When crawling the web, data is often hidden behind forms with validation constraints. We aim to analyse JavaScript code attached to forms and infer their integrity constraints, retrieve or model the hidden data, and improve the efficiency of searching or data-extraction tools.  Dynamic features of JavaScript and real-world code make static analysis difficult.  We use concolic analysis and perform a symbolic execution driven by concrete runs.  ArtForm is built on Artemis1, a tool for automated testing of JavaScript applications. Concolic Analysis Example function validate() { x = document.getElementById("name").value; y = document.getElementById("age").value; if (x.length < 3) { alert("Error!"); return false; } else { if (parseInt(y, 10) >= 18) { return true; } else { alert("Error!"); return false; } } } Run x y Conditions Valid Next Goal 1 '' '' len(x) < 3 No len(x) >= 3 'Smith' len(x) >= 3 int(y) < 18 2 No len(x) >= 3 int(y) >= 18 'John' 3 '30' len(x) >= 3 int(y) >= 18 'John' Yes Finished validate() len(x) < 3 int(y) >= 18 False True False True x = John y = 30 x = '' y = '' x = John y = Smith ArtForm Architecture Instrumented WebKit Browser  Controls all code execution and events.  Allows access to the DOM implementation and page information. Symbolic Interpreter  Tracks both concrete and symbolic values.  Form inputs are initially symbolic variables and symbolic information is propagated as they are used.  Records the path taken and the symbolic branches observed. Trace Classifier  Decides whether a trace was a successful submission or not.  Based on alerts, changes to the DOM and page loads. Path Tree  Stores information about the previous runs. Search Procedure  Chooses the next path to explore.  We are Investigating good search strate-gies to find interesting parts of the tree more quickly. Interface Analyser  Chooses the entry-point.  Could be buttons, links, images or inputs and forms may cover the entire page.  ArtForm uses DIADEM2 for page analysis. Test Driver  Loads the test page with no saved state.  Injects the given inputs into the form.  Simulates real click on submit button. Constraint Solver  Solves the path constraint to generate the next input values to test.  Translates our internal constraints to input for a third-party solver.  ArtForm uses CVC43. Artemis WebKit Browser Concrete Interpreter Symbolic Interpreter Search Procedure Test Driver Constraint Solver Path Tree Trace Classifier Interface Analyser Web Form Example URL: www.underwoods.co.uk/search.cfm Branches: 629 Success: 248 Failure: 164 Constraints: 692 Traces: 412 Unsatisfiable: 280 Issues  Event handlers  Each field has its own validation func-tion and may depend on other fields.  Triggering them in-order is a useful guess, but may miss some information.  Checking dependence between the handlers is difficult.  Testing all orderings is not feasible.  Values may be tested before injection.  Forms may be updated dynamically.  Select boxes and radio buttons have implied constraints found in the DOM.  JavaScript’s coercion semantics and NaN are difficult to model and solve.  Some constraint types are not supported by the solver or our translation.  JavaScript minification and obfuscation.  Long loops and repeated code. Future Work  Continue testing on real-world sites to identify common patterns which we do not handle well.  Track event handler dependencies and use partial order methods to choose appropriate orderings to test.  Use heuristics or static analysis to target the search and speed up exploration of the most interesting parts of the trees.  Work on converting the trees to useful descriptions of the constraints.  Infer higher-level constraints such as set containment which are not shown direct-ly in our traces.  New features for our translator and the solver, for example more complex regular expression tests or string inequalities. ArtForm is available at github.com/cs-au-dk/Artemis [1] brics.dk/artemis/ [2] diadem.cs.ox.ac.uk [3] cvc4.cs.nyu.edu/web/