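% Journal article on testing user-input validators of web applications:
% valid inputs are derived from client-side input-field information and then
% perturbed into invalid test inputs.
% Export clean-up: ISSN stored as a plain value (was a bracketed, quoted list),
% month given as the predefined macro, page range written with a double hyphen,
% journal name in normal casing. The abstract text is kept verbatim.
@article{li_xie_jin_liu_2010,
  author       = {Li, Nuo and Xie, Tao and Jin, Maozhong and Liu, Chao},
  title        = {Perturbation-based user-input-validation testing of web applications},
  journal      = {Journal of Systems and Software},
  volume       = {83},
  number       = {11},
  pages        = {2263--2274},
  year         = {2010},
  month        = nov,
  issn         = {1873-1228},
  doi          = {10.1016/j.jss.2010.07.007},
  abstractNote = {User-input-validation (UIV) is the first barricade that protects web applications from application-level attacks. Most UIV test tools cannot detect semantics-related vulnerabilities in validators, such as filling a five-digit number to a field that accepts a year. To address this issue, we propose a new approach to generate test inputs for UIV based on the analysis of client-side information. In particular, we use input-field information to generate valid inputs, and then perturb valid inputs to generate invalid test inputs. We conducted an empirical study to evaluate our approach. The empirical result shows that, in comparison to existing vulnerability scanners, our approach is more effective than existing vulnerability scanners in finding semantics-related vulnerabilities of UIV for web applications.},
}

% Conference paper on test generation for input-validation programs that use
% complex regular expressions (Reggae reduces the exploration space of
% dynamic symbolic execution).
% Export clean-up: the venue is a conference proceedings, so the entry is typed
% as inproceedings with the venue in booktitle (it was exported as an article
% with the proceedings name in the journal field); ISSN stored as a plain
% value; page range written with a double hyphen; the tool name and the
% IEEE/ACM acronym are brace-protected against style recasing.
@inproceedings{li_xie_tillmann_halleux_schulte_2009,
  author       = {Li, Nuo and Xie, Tao and Tillmann, Nikolai and Halleux, Jonathan and Schulte, Wolfram},
  title        = {{Reggae}: Automated Test Generation for Programs using Complex Regular Expressions},
  booktitle    = {2009 {IEEE/ACM} International Conference on Automated Software Engineering, Proceedings},
  pages        = {515--519},
  year         = {2009},
  issn         = {1527-1366},
  doi          = {10.1109/ase.2009.67},
  abstractNote = {Test coverage such as branch coverage is commonly measured to assess the sufficiency of test inputs. To reduce tedious manual efforts in generating high-covering test inputs, various automated techniques have been proposed. Some recent effective techniques include Dynamic Symbolic Execution (DSE) based on path exploration. However, these existing DSE techniques cannot generate high-covering test inputs for programs using complex regular expressions due to large exploration space; these complex regular expressions are commonly used for input validation and information extraction. 
To address this issue, we propose an approach, named Reggae, to reduce the exploration space of DSE in test generation. In our evaluation, we apply Reggae on various input-validation programs that use complex regular expressions. Empirical results show that Reggae helps a test-generation tool generate test inputs to achieve 79% branch coverage of validators, improved from 29% achieved without the help of Reggae.},
}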