Automated testing of complex Web 2.0 applications prevents security vulnerabilities

Mar 01, 2013
Automated testing of complex Web 2.0 applications prevents security vulnerabilities
Computer scientists from Saarland University have developed a software system for checking complex web applications autonomously. Credit: bellhäuser - das bilderwerk

So far there are no methods to test complex web 2.0 applications systematically and at low cost for malfunctions and security vulnerabilities. Therefore, computer scientists from Saarland University have developed a software system for checking complex web applications autonomously.

"The police have discovered a new variant of . The offender capitalizes on the complexity of social networks", reported a newspaper a month ago in Southern Germany. Valentin Dallmeier, postdoc at the software engineering chair at Saarland University, is not surprised. He says that the methods that and responsible project leaders rely on to try to find and security holes in have been too ineffective and inefficient. "This is still done manually and therefore causes not only very high costs, but also high levels of risk for companies and the community," Martin Burger explains. He works at the software engineering chair, too. Together the two postdocs want to change this serious deficit. Therefore they have developed the software system "Webmate", which determines automatically why Web 2.0 applications fail.

For the transfer of the technology to a spin-off, they have just received 500,000 Euros from the national support program "EXIST" run by the Federal Ministry of Economics and Technology (BMWi). The program is aimed at improving the entrepreneurial environment at universities and and at increasing the number of technology- and knowledge-based business start-ups.

So called Web 2.0 applications run centrally on an online server. Therefore, in contrast to conventional programs, they are not installed on the user's computer or laptop; instead, the user interacts with them via a web browser. In recent years, thanks to new web development technologies such as Asynchronous JavaScript and XML (AJAX), web applications can be used as smoothly as if they were installed on personal computers. AJAX takes care of organizing the transfer of data packets between the user's computer and server in such a way that the delays incurred by the connection are barely noticeable. Hence, not only private users but also companies and the public sector are adopting web applications more and more frequently. However, news about data theft and malfunctions is also reported on a daily basis.

Dallmeier and Burger want to prevent such worst-case scenarios and other breakdowns. Businesses and their responsible web administrators will only have to type in their Web address. Afterwards the system discovers automatically how the different components of the application are connected to each other and via which menus, buttons, and other control panels the users are interacting with the application. Subsequently, it generates and executes test scenarios. If it discovers, for example, that the application is not compatible with a certain version of a browser, or a control panel no longer exists in a new version of the application, the system informs the developer immediately—likewise if a database is not connected, a server does not respond, or a link is dead. The web developer is able to repeat this test at any time.

Dallmeier, Burger and the three other persons planning to found the spin-off are sure that their technology will succeed. They estimate the market potential in Germany alone to be 120 million Euros annually.

Explore further: Android gains in US, basic phones almost extinct

More information: www.st.cs.uni-saarland.de/webmate/

add to favorites email to friend print save as pdf

Related Stories

Google building online Chrome application shop

May 19, 2010

Google on Wednesday gave software developers an early peek at an online Chrome Web Store it is building as an emporium for games and other applications built for use on the Web.

How to Protect Your Web Server from Attacks

Oct 11, 2007

The National Institute of Standards and Technology has released a new publication that provides detailed tips on how to make web servers more resistant to potential attacks. Called “Guidelines on Securing Public Web Servers,” ...

An operating system in the cloud

Oct 09, 2012

Computer users are familiar to different degrees with the operating system that gets their machines up and running, whether that is the Microsoft Windows, Apple Mac, Linux, ChromeOS or other operating system. The OS handles ...

Recommended for you

Android gains in US, basic phones almost extinct

Apr 18, 2014

The Google Android platform grabbed the majority of mobile phones in the US market in early 2014, as consumers all but abandoned non-smartphone handsets, a survey showed Friday.

Hackathon team's GoogolPlex gives Siri extra powers

Apr 17, 2014

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Microsoft CEO is driving data-culture mindset

Apr 16, 2014

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

User comments : 0

More news stories

Ex-Apple chief plans mobile phone for India

Former Apple chief executive John Sculley, whose marketing skills helped bring the personal computer to desktops worldwide, says he plans to launch a mobile phone in India to exploit its still largely untapped ...

Airbnb rental site raises $450 mn

Online lodging listings website Airbnb inked a $450 million funding deal with investors led by TPG, a source close to the matter said Friday.

Health care site flagged in Heartbleed review

People with accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the ...

A homemade solar lamp for developing countries

(Phys.org) —The solar lamp developed by the start-up LEDsafari is a more effective, safer, and less expensive form of illumination than the traditional oil lamp currently used by more than one billion people ...

NASA's space station Robonaut finally getting legs

Robonaut, the first out-of-this-world humanoid, is finally getting its space legs. For three years, Robonaut has had to manage from the waist up. This new pair of legs means the experimental robot—now stuck ...

Filipino tests negative for Middle East virus

A Filipino nurse who tested positive for the Middle East virus has been found free of infection in a subsequent examination after he returned home, Philippine health officials said Saturday.

Egypt archaeologists find ancient writer's tomb

Egypt's minister of antiquities says a team of Spanish archaeologists has discovered two tombs in the southern part of the country, one of them belonging to a writer and containing a trove of artifacts including reed pens ...