Web Quality, Security, and Testing 2011 (WebQUeST)     


Web Quality, Security, and Testing 2011 (WebQUeST) - overview

Workshop on Web Quality, Security, and Testing 2011 (WebQUeST)

Call For Participation and Contributions

Web Quality, Security, and Testing

In conjunction with ESEC/FSE 2011

September 6, 2011

Szeged, Hungary

WebQUeST will focus on software quality, testing and security for Web applications. This workshop will bring together academics and practitioners to discuss common challenges and potential synergies. One emerging topic is quality and security issues arising in mobile applications; we especially encourage participants who work in mobile software. We will have presentations in several areas-static program analysis, dynamic program analysis, testing, statistical techniques-from multiple perspectives-academic researchers, industry practitioners, browser vendors. These approaches and perspectives are all complementary, but often published, if at all, in different venues. This workshop will foster more interaction across approaches.
While invited talks will cover the range of approaches above, this won't be fully comprehensive. Hence, if you do research in this area, you are encouraged to submit a talk abstract describing your own work in this area. We will thus create a genuinely comprehensive program describing the range of approaches to software quality for Web applications.
Any of the following technical approaches are welcome, but this list is not meant to be exclusive. If participants propose to present novel approaches not on this list, that will be welcome.
static analysis
means using traditional program analysis techniques to look for potential quality issues in code as it is being developed. Examples include type inference to look for potential misapplication of functions in scripting languages like JavaScript, and dataflow-based taint analysis that looks for potential dangers like injection attacks.
comprises a variety of dynamic techniques that run Web applications, looking for quality problems. Within this scope, we are interested in techniques that enhance the effectiveness of testing by, e.g., generating test suites with improved coverage. Techniques that can dynamically detect issues like tainted data flows are of great interest as well.
statistical techniques
rely on comparing pieces of code to known examples of bad and good code, possibly based on features chosen to help distinguish such code. Such techniques can, conceptually, be either static or dynamic, working at the level of source code or runtime operations. We are especially interested in the application of machine learning in this domain.
to improve software quality is beginning to be applied to scripting languages heavily used in Web applications. Given the dynamic and often idiosyncratic nature of such languages, a key question is what kinds of refactorings are desirable and how much scope there is to implement fully automatic systems.
In addition to representing many different approaches, we shall also represent several kinds of participants:
academic researchers
have built many of the techniques currently employed for Web quality, and they continue to do foundational work across all the approaches. Such participants will share novel core ideas, and will gain empirical insights that other participants have.
industry practitioners
develop software and service offerings pertaining to Web quality; there have been an increasing wealth of such offerings recently, especially in the space of security. Such participants will share insights and challenges of how to get techniques used in real tools, and will learn novel ideas from researchers.
browser developers
write the code by which most people use Web applications. They have a unique perspective based on the kinds of techniques that can be employed to catch quality problems when the user sees them. They can help practitioners and researchers understand what kinds of tools and techniques can be most helpful.

Workshop Format

Given the goal of having an exchange amongst the diverse approaches and perspectives of people working in this space, we shall focus the workshop around a series of invited talks, and discussions. The workshop program is available here