Data flow analysis and testing of JSP-based Web applications

Abstract

Web applications often rely on server-side scripts to handle HTTP requests, to generate dynamic contents, and to interact with other components. The server-side scripts are usually not checked by any compiler and, hence, can be error-prone. In this paper, we adapt traditional data flow testing techniques into the context of Java Server Pages (JSP), a very popular server-side script for developing Web applications with Java Technology. We point out that the JSP implicit objects and action tags can introduce several unique data flow test artifacts which need to be addressed. A test model is presented to capture the data flow information of JSP pages with considerations of various implicit objects and action tags. Based on the test model, we describe an approach to compute the intraprocedural, interprocedural, and sessional data flow test paths for uncovering the data anomalies of JSP pages.