This invention relates to computer software testing systems and, more specifically, to the automatic synthesis of payloads for functional software testing with particular application in the security testing of web services.
The functional testing of software systems has many applications, including bug finding, security assessment, accessibility and compatibility checking, for example. A key difficulty in building and deploying a testing solution is to come up with quality test payloads, which are likely to exercise the subject application in an effective way. This has traditionally been known to require domain knowledge and expertise, which left the task of constructing effective payloads in the hands of domain experts. For example, an entire team of security experts may be assigned the job of building tests and maintaining the test suite according to repositories of attack reports.