Learn More
This paper presents a set of tools and techniques for analyzing interactions of composite web services which are specified in BPEL and communicate through asynchronous XML messages. We model the interactions of composite web services as conversations, the global sequence of messages exchanged by the web services. As opposed to earlier work, our tool-set(More)
This paper introduces a framework for modeling and specifying the global behavior of e-service compositions. Under this framework, peers (individual e-services) communicate through asynchronous messages and each peer maintains a queue for incoming messages. A global "watcher" keeps track of messages as they occur. We propose and study a central notion of a(More)
Recently SQL injection attack (SIA) has become a major threat to Web applications. Via carefully crafted user input, attackers can expose or manipulate the back-end database of a Web application. This paper proposes the construction and outlines the design of a static analysis framework (called SAFELI) for identifying SIA vulnerabilities at compile time.(More)
This paper focuses on the realizability problem of a framework for modeling and specifying the global behaviors of reactive electronic services (e-services). In this framework, Web accessible programs (peers) communicate by asynchronous message passing, and a virtual global watcher silently listens to the network. The global behavior is characterized by a(More)
A conversation protocol is a top-down specification framework which specifies desired global behaviors of a Web service composition. In our earlier work (Fu et al., 2003) we studied the problem of realizability, i.e., given a conversation protocol, can a Web service composition be synthesized to generate behaviors as specified by the protocol. Several(More)
Specification, modeling and analysis of interactions among peers that communicate via messages are becoming increasingly important due to the emergence of service oriented computing. Collaboration diagrams provide a convenient visual model for specifying such interactions. An interaction among a set of peers can be characterized as a conversation. A(More)
Modern web applications often suffer from command injection attacks. Even when equipped with sanitization code, many systems can be penetrated due to software bugs. It is desirable to automatically discover such vulnerabilities, given the bytecode of a web application. One approach would be symbolically executing the target system and constructing(More)
In this paper we propose an Automated Web application Testing (AWAT) system which can be used by instructors to effectively evaluate student web programming projects automatically based on the test cases specified on Excel. The AWAT is driven by WATIR and simulates the actions of human testers to extract information from Web pages, and verify expected(More)