Probing Analysis


As software becomes more complex, it is increasingly common for applications to be built by composing existing applications or components. On the desktop, many common applications are frequently used as components in other applications. For example, Microsoft's Office products all support being used as components in other applications developed in .NET. The growth of the internet has also spurred the development of web applications and services that can be used as components; many companies provide means for developers to build applications that use or resell their services or products.

Since the users of these components do not have access to the source code, and, in some cases, do not even have access to the executable code, using traditional analysis tools on these components is difficult or impossible. Therefore we have developed probing analysis, a black-box dynamic analysis technique for analyzing closed components.

WebAppSleuth - Probing Analysis for Web Applications and Services


Web applications and services are an important and interesting class of closed components. Companies generally offer web services to give access to, or allow the resale of, the services they offer. A prime example is the shipping industry: all the major shipping companies (e.g. FedEx, UPS, USPS) provide web services that allow online retailers to receive quotes on the cost of shipping. These services are designed to conform to standards that allow them to be readily integrated into applications built by others, and they usually have both informal documentation and a formal WSDL definition.

Web applications use technologies similar to those used by web services, but provide an HTML user interface and are intended to be used directly by the end user. These applications were generally not intended for use as components in other applications, but they often provide features that are not readily available elsewhere, so they are used as components anyway. Since web applications are not intended to be reused, they generally do not include any documentation, and it is therefore up to the user to reverse engineer the application's interface by examining the HTML.
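The interface recovery described above, where an undocumented application's inputs are read off its HTML, can be sketched as follows. This is an added example, not WebAppSleuth's own code; the sample form, its field names and the `recover_interface` helper are hypothetical.

```python
from html.parser import HTMLParser

# Constructed sample page; the form and its field names are hypothetical.
SAMPLE_HTML = """
<form action="/quote" method="post">
  <input type="text" name="zip_from">
  <input type="hidden" name="session" value="abc123">
  <select name="service">
    <option value="ground" selected>Ground</option>
    <option value="air">Air</option>
  </select>
  <input type="submit" value="Get quote">
</form>
"""

class FormInterface(HTMLParser):
    """Collects each form's action, method and named parameters."""
    def __init__(self):
        super().__init__()
        self.forms = []      # one dict per <form> seen
        self._select = None  # entry for the <select> currently open

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "params": [],
                               "method": (a.get("method") or "get").lower()})
        elif not self.forms:
            return  # controls outside any form are ignored here
        elif tag == "input" and a.get("name"):
            self.forms[-1]["params"].append(
                {"name": a["name"], "kind": (a.get("type") or "text").lower(),
                 "default": a.get("value") or "", "choices": None})
        elif tag == "select" and a.get("name"):
            self._select = {"name": a["name"], "kind": "select",
                            "default": "", "choices": []}
            self.forms[-1]["params"].append(self._select)
        elif tag == "option" and self._select is not None:
            self._select["choices"].append(a.get("value") or "")
            if "selected" in a:
                self._select["default"] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "select":
            self._select = None

def recover_interface(html):
    parser = FormInterface()
    parser.feed(html)
    return parser.forms
```

Controls without a `name` attribute, such as the submit button in the sample, are skipped because the browser does not send them as parameters.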

WebAppSleuth is a methodology and tool for performing probing analysis on web applications and services. It has successfully been applied to a wide variety of deployed web applications and services, and has found anomalies in and suggested improvements to these applications and services.
