Explore the vast range of titles available.

We describe a method to use the source code change history of a software project to drive and help to refine the search for bugs. Based on the data retrieved from the source code repository, we implement a static source code checker that searches for a commonly fixed bug and uses information automatically mined from the source code repository to refine its results. By applying our tool, we have identified a total of 178 warnings that are likely bugs in the Apache Web server source code and a total of 546 warnings that are likely bugs in Wine, an open-source implementation of the Windows API. We show that our technique is more effective than the same static analysis that does not use historical data from the source code repository.

Software testing is considered to be one of the most important processes in software development for it verifies if the system meets the user requirements and specification. Manual testing and automated testing are two ways of conducting software testing. Automated testing gives software testers the ease to automate the process of software testing thus considered more effective when time, cost and usability are concerned. There are a wide variety of automated testing tools available, either open source or commercial. This paper provides a comparative review of features of open source and commercial testing tools that may help users to select the appropriate software testing tool based on their requirements.

Websites are becoming increasingly effective communication tools. Nevertheless, web applications are vulnerable to attack and can give attackers access to sensitive information or unauthorized access to accounts. The number of vulnerabilities in web applications has increased dramatically over the past decade. Many are due to improper validation and sanitization of input. Identifying these vulnerabilities is essential for developing high-quality, secure web applications. Whenever a website is released to the public, it is required to have had penetration testing to a certain standard to ensure the security of the information. Application-level security vulnerability detection is possible for many commercial and open-source applications. However, developers are curious about which tools detect security vulnerabilities and how quickly they do so. The purpose of this study is to discuss penetration testing and how it can be implemented. This paper also explores the hazards and vulnerabilities associated with the web environment as well as the protective measures that can be taken. In addition, a comprehensive review and comparison of common web penetration testing tools is provided. The aim of this paper is to help web penetration testers choose a technology that is optimal for their requirements. The paper also sets out to guide and provide recommendations to users for choosing the best web penetration test tool and increasing their awareness of secure web environments. The study results indicate that not all web penetration testing tools offer the same features and that combining analysis tools can provide detailed information about web vulnerabilities.

Search-based optimization techniques have been applied to structural software test data generation since 1992, with a recent upsurge in interest and activity within this area. However, despite the large number of recent studies on the applicability of different search-based optimization approaches, there has been very little theoretical analysis of the types of testing problem for which these techniques are well suited. There are also few empirical studies that present results for larger programs. This paper presents a theoretical exploration of the most widely studied approach, the global search technique embodied by Genetic Algorithms. It also presents results from a large empirical study that compares the behavior of both global and local search-based optimization on real-world programs. The results of this study reveal that cases exist of test data generation problem that suit each algorithm, thereby suggesting that a hybrid global-local search (a Memetic Algorithm) may be appropriate. The paper presents a Memetic Algorithm along with further empirical results studying its performance.

Researchers have explored the application of combinatorial interaction testing (CIT) methods to construct samples to drive systematic testing of software system configurations. Applying CIT to highly-configurable software systems is complicated by the fact that, in many such systems, there are constraints between specific configuration parameters that render certain combinations invalid. Many CIT algorithms lack a mechanism to avoid these. In recent work, automated constraint solving methods have been combined with search-based CIT construction methods to address the constraint problem with promising results. However, these techniques can incur a non-trivial overhead. In this paper, we build upon our previous work to develop a family of greedy CIT sample generation algorithms that exploit calculations made by modern Boolean satisfiability (SAT) solvers to prune the search space of the CIT problem. We perform a comparative evaluation of the cost-effectiveness of these algorithms on four real-world highly-configurable software systems and on a population of synthetic examples that share the characteristics of those systems. In combination our techniques reduce the cost of CIT in the presence of constraints to 30 percent of the cost of widely-used unconstrained CIT methods without sacrificing the quality of the solutions.

Software testing is a crucial part of software development, it ensures that the software been developed performs all functional requirements and is free from any form of defect and errors. This ensures that the software is of good quality and standard. While testing a software, it is important to be time and cost consciousness. This reason has made most testers switch from the manual testing process to automation of software testing, to reduce time and cost. But then selecting a software testing tool for automated testing that best fit a project is important yet challenging task, the objective of this paper is to evaluate some of the most used software testing tool, identify their strength and weakness and also the field where they can be employed, either for mobile testing, web service testing or both. The method utilized in the paper involved the analysis of recommended literatures to pinpoint necessary testing tools selected based on inclusion and exclusion criteria, that were evaluated. The result of the analysis indicted that based on the selected criteria, testing tools that supports web platform testing made up 17%, while tools that supported desktop and mobile platforms was 10% and 7% respectively. also, 7% of the tools examined were found to be open source tools while 12% were licensed tools. 10% of the testing tools examined supported the test result and report generation criterion while tools that require the knowledge of programming language was least as only 3% of examined tools supported this criterion. It was observed that there is no one perfect tool for testing, but for a particular testing purpose, tradeoffs can be made to select the best tool depending on the size of the project, the budgeted cost for testing, the platform of the application and also the language that is used to develop the project.

Selenium WebDriver is a framework used to control web browsers automatically. It provides a cross-browser Application Programming Interface (API) for different languages (e.g., Java, Python, or JavaScript) that allows automatic navigation, user impersonation, and verification of web applications. Internally, Selenium WebDriver makes use of the native automation support of each browser. Hence, a platform-dependent binary file (the so-called driver) must be placed between the Selenium WebDriver script and the browser to support this native communication. The management (i.e., download, setup, and maintenance) of these drivers is cumbersome for practitioners. This paper provides a complete methodology to automate this management process. Particularly, we present WebDriverManager, the reference tool implementing this methodology. WebDriverManager provides different execution methods: as a Java dependency, as a Command-Line Interface (CLI) tool, as a server, as a Docker container, and as a Java agent. To provide empirical validation of the proposed approach, we surveyed the WebDriverManager users. The aim of this study is twofold. First, we assessed the extent to which WebDriverManager is adopted and used. Second, we evaluated the WebDriverManager API following Clarke’s usability dimensions. A total of 148 participants worldwide completed this survey in 2020. The results show a remarkable assessment of the automation capabilities and API usability of WebDriverManager by Java users, but a scarce adoption for other languages.

Today, one of the most popular ways organizations use to provide their services, or broadly speaking, interact with their customers, is through web applications. Those applications should be protected and meet all security requirements. Penetration testers need to make sure that the attacker cannot find any weaknesses to destroy, exploit, or disclose information on the Web. Therefore, using automated vulnerability assessment tools is the best and easiest part of web application pen-testing, but these tools have strengths and weaknesses. Thus, using the wrong tool may lead to undetected, expected, or known vulnerabilities that may open doors for cyberattacks. This research proposes an empirical comparison of pen-testing tools for detecting web app vulnerabilities using approved standards and methods to facilitate the selection of appropriate tools according to the needs of penetration testers. In addition, we have proposed an enhanced benchmarking framework that combines the latest research into benchmarking and evaluation criteria in addition to new criteria to cover more ground with benchmarking metrics as an enhancement for web penetration testers and penetration testers in real life. In addition, we measure the tool’s abilities using a score-based comparative analysis. Moreover, we conducted simulation tests of both commercial and non-commercial pen-testing tools. The results showed that Burp Suite Professional scored the highest out of the commercial tools, while OWASP ZAP scored the highest out of the non-commercial tools.

With the proliferation and the critical role of Internet of Things (IoT) in various domains, rigorous testing techniques are required for improving their quality. Several review studies have examined IoT topology and analyzed different layers of the IoT architecture. These assessments include synthesis on the application layer protocols, but do not specifically study the application layer protocol standalone. As a result, this work focuses on unique application-layer protocol-specific testing approaches, using different tools and frameworks, and systematically analyzes the challenges in an in-depth manner. There is a need for a specific and deeper analysis of the application layer IoT protocol testing state of the art. This paper aims to bridge this gap by conducting a Systematic Literature Review (SLR) to provide a deeper and concise picture of the state of the art in testing IoT application layer protocols. We consider studies published between 2010 and 2025, resulting in 47 primary studies selected from 822 retrieved papers after systematic screening. These studies have been retrieved from eight major digital libraries. Following the Preferred Reporting Items for Systematic Review and Meta-Analysis (PRISMA) guidelines, we discuss and synthesize our findings on the different types of testing, explore the most promising approaches, frameworks and tools, trends, highlight the main challenges, and identify open research issues and directions in testing IoT application layer protocols. Article Highlights Message Queuing Telemetry Transport (MQTT) is the protocol most investigated.The other protocols have been neglected. Several identified challenges, such as non-determinism, remain unaddressed oronly partially addressed. Current approaches and tools have a narrow focus and applicability, a moregeneral framework is needed.

Testing is an important part of every software development process on which companies devote considerable time and effort. The burgeoning web applications and their proliferating economic significance in the society made the area of web application testing an area of acute importance. The web applications generally tend to take faster and quicker release cycles making their testing very challenging. The main issues in testing are cost efficiency and bug detection efficiency. Coverage-based   testing is the process of ensuring exercise of specific program elements. Coverage measurement helps determine the “thoroughness” of testing achieved. An avalanche of tools, techniques, frameworks came into existence to ascertain the quality of web applications.  A comparative study of some of the prominent tools, techniques and models for web application testing is presented. This work highlights the current research directions of some of the web application testing techniques.