Rajendra Gokhale

Madhura Halasgikar

 
 

A New Approach to Application Security Testing Tool Design

    
 

Over the past several years, tools that help programmers quickly create Graphical User Interfaces (GUI) based applications have dramatically improved programmer productivity. This has increased the pressure on testers, who are often perceived as bottlenecks to the delivery of software products. Testers are being asked to test more and more code in less time. They need to dramatically improve their own productivity. Test automation is one way to do this.

There are innumerous solutions that exist in the market. But they do not always cater to the needs of testing an application which changes at a rapid pace. Maintainability becomes difficult in such cases. This paper describes the methodology adopted to develop an automation framework to carryout GUI testing of a window based application at Texas Instruments. The approach reduced the test execution time convincingly without compromising on the quality of testing. The maintenance efforts for the sub-sequent test cycles were very minimal and it warranted complete reuse of test cases.

Section 2 analyzes tools available in the market and their pros and cons, and Section 3 describes our implementation. Section 4 describes how we evaluated our system and presents the results. Section 5 presents our conclusions and describes future work.

    

Speaker's Background

Rajendra Gokhale currently heads the Research Division at Aztecsoft-itest. Prior to this he has worked at a number of institutions including I.I.T. Bombay and Bell Labs, Murray Hill. His current work involves researching issues in the areas of Security and Performance Testing of Web-based applications. He holds a Masters degree in Computer Science and Engineering from I.I.T. Bombay.

Madhura Halasgikar Madhura Halasgikar currently works as Software Development Engineer Test as part of the Research Division at Aztecsoft-itest. Her work involves reviewing the web applications for security vulnerabilities (e.g. OWASP TOP 10, WASC TOP 26 etc), providing security solutions and using various proprietary and open source vulnerability assessment tools. She holds a B.E. in Information Technology from Cummins College, Pune University.