automated testing

Web applications (apps) are integral to our daily lives. Before users can use web apps, testing must be conducted to ensure their reliability. There are various approaches for testing web apps. However, they still require improvement. In fact, they struggle to achieve high coverage of web app functionalities. On the one hand, web apps typically have an extensive state space, which makes testing all states inefficient and time-consuming. On the other hand, specific sequences of actions are required to access certain functionalities. Therefore, the optimal testing strategy extremely depends on the app’s features. Reinforcement Learning (RL) is a machine learning technique that learns the optimal strategy to solve a task through trial-and-error rather than explicit supervision, guided by positive or negative reward. Deep RL extends RL, and exploits the learning capabilities of neural networks. These features make Deep RL suitable for testing complex state spaces, such as those found in web apps. However, modern approaches support fundamental RL. We have proposed WeDeep, a Deep RL testing approach for web apps. We evaluated our method using seven open-source web apps. Results from experiments prove it has higher code coverage and fault detection than other existing methods

This paper proposes a new method for automatic generation of test cases using model based testing. As test model, class and state diagrams are used, and constraints are expressed using OCL. First, the state machine is converted into a mathematical representation in AMPL. Then, using a search algorithm and based upon coverage criteria, the abstract paths are selected from state machine. Second, using symbolic execution, the generated abstract path along with the constraints on this path is converted into the data of generated mathematical model. Third, the generated mathematical problem is solved with solvers that have interface with AMPL, and the test data is produced for each abstract test case. Finally, the generated test data and abstract paths are transformed into executable test cases. All-Transitions and All-States coverage criteria are used for conduct search algorithm, as well as the criteria for evaluate the quality of generated test cases. To validate the work, by utilizing various solvers, the test cases are generated for various problems.
The proposed technique is implemented as a tool, named MoBaTeG. The tool shows good result in terms of test case generation execution time, test goals satisfaction rate, source code instructions coverage, and also boundary values generation.

One of the main requirements for providing software security is the enforcement of access control policies, which is sometimes referred to as the heart of security. The main purpose of access control policies is to protect resources of the system against unauthorized accesses. Any error in the implementation of access control policies may lead to undesirable outcomes. Hence, we should ensure that these policies are properly implemented. For testing the implementation of access control policies, it is desired to use automated methods. In fact, these methods are faster and more reliable solutions for assessment of the software systems. Although several researches are conducted for automated testing of the specification of access control policies at the design phase, there is not enough research on testing their implementation. In addition, since access control is amongst non-functional requirements of the system, it is not easy to test them along with other requirements of the system by usual methods. To address this challenge, in this paper, we propose an automated method for testing the implementation of access control in a system. This method, as a model based technique, is able to extract test cases for evaluating the access control policies of the system under test. To generate test cases automatically, a combination of behavior model of the system and the specification of access control policies that is written in XACML, are used. The experimental results show that the proposed approach is able to kill the mutants and cover most of the code that is related to access control policies.