Abstract:
Testing is an important part of any development process for analyzing and ensuring the quality
and reliability of software [1]. The safety of web systems is a major challenge because of their
complexity and rapidly changing nature. Testing and verification at the early design stage of a
web system might reduce the chances of failure. This can be achieved through model-based
testing, a black-box testing mechanism which tests the response of a system to given
inputs and represents the desired behavior of the system. The goal of this research is to propose a fault
model that considers the weaknesses of web-based systems through model-based testing. For
this purpose, model-based testing of the system under test (SUT) is performed, and a fault model for
web-based systems is built as an extended finite state machine by merging the state machine of the SUT
with a state machine of OWASP and NIST vulnerabilities. The fault model is
then used to generate test sequences describing the flow of the state machine, which in turn leads to
the development of abstract test cases. The test cases are executed to obtain concrete outputs. The
proposed approach is evaluated on case studies.