Sequential browsing operations are series or sequences of element selections, typically associated with clicks (pointing device click) and/or hypertext transport protocol (HTTP) requests that are interdependent. Interdependence in the series means a third request in a sequence of requests cannot be valid when a first request and second request have not been sent previously to a server. For example, sequential browsing operations include a sequence of operations used in completing an online purchase, registering for a user account, and in completing an online test.
There is a need to identify sequences determined as sequential browsing operations because when performing an automated test re-sending a set of requests in a same order as originally recorded is required for the test to be validated. A challenge arises in identifying the operation sequences in an automated fashion within a context of capturing browsing data from various network sources and leveraging the data.
Using an example of security testing, identification of sequential browsing operations may improve crawling coverage of dynamic analysis web security scanners by using web traffic information collected from network nodes and server logs. In another related example, a system may enhance manual web application functional testing processes as part of a quality assurance process by using identification of sequential browsing operations to streamline application security testing.
Solutions are available for identifying request dependencies from known sequences of requests defined by users. Techniques for constructing crawling strategies to identify request dependencies as part of automated crawling of a web site by a testing tool are also available. However available solutions are typically satisfactory. In the first case, the solution typically validates only an already existing sequence constructed by a user. In the second case, a re-exploration of a site is typically required, which defeats the initial purpose imposing high cost in terms of time and processing resource. In another approach, entire collected data can be used as a sequence and then used in validation solution. However using this approach may prove to be costly in terms of time and processing resource because the validation method consists of re-sending requests in various combinations and performing comparisons of the test responses received against original response data.