1. Field of the Invention
The present invention relates generally to a computer implemented method, a data processing system, and a computer program product. More specifically, the present invention relates to a computer implemented method, a data processing system, and a computer program product for measuring coverage of application inputs for advanced web application security testing.
2. Description of the Related Art
Code coverage is a measure used in software testing for describing the extent to which source code has been exercised during the testing procedure. Code coverage measurements are a form of white box testing, wherein knowledge of the source code is required.
Typical white box code coverage measurements allow the software engineer to obtain data about the execution of the program on a line-by-line basis. It may also be possible for the software engineer to examine data values held in program variables on a line-by-line basis.
However, typical white box code coverage measurements are impractical when the analyzed code becomes too large, or when the software engineer has no knowledge of the underlying source code. With no knowledge of the underlying source code, the software engineer must typically rely on black box testing procedures. Black box testing takes an external perspective of the test object to derive test cases. The test designer selects valid and invalid input and determines the correct output. There is no knowledge of the test object's internal structure. That is, the software engineer can only determine whether a correct output was given. In black box testing, the software engineer has no direct knowledge of how the program arrived at the given output.
Black box testing works by sending a test to an application input. While black box testing can uncover unimplemented parts of the specification, the software engineer cannot be sure that all existing paths of the code are tested.