Web Quality, Security, and Testing 2011 (WebQUeST) - overview
Call For Participation and Contributions
Web Quality, Security, and Testing
(WebQUeST)
In conjunction with ESEC/FSE 2011
September 6, 2011
Szeged, Hungary
WebQUeST will focus on software quality, testing and security for
Web applications. This workshop will bring together academics
and practitioners to discuss common challenges and potential
synergies. One emerging topic is quality and security issues arising in mobile
applications; we especially encourage participants who work in mobile software. We will have presentations in several areas-static program
analysis, dynamic program analysis, testing, statistical
techniques-from multiple perspectives-academic researchers,
industry practitioners, browser vendors. These approaches and
perspectives are all complementary, but often published, if at all, in
different venues. This workshop will foster more interaction across
approaches.
While invited talks will cover the range of approaches above, this
won't be fully comprehensive. Hence, if you do research in this area,
you are encouraged to submit a talk abstract describing your own work
in this area. We will thus create a genuinely comprehensive program
describing the range of approaches to software quality for Web
applications.
Any of the following technical approaches are welcome, but this list is not meant to be exclusive. If participants propose to present novel approaches not on this list, that will be welcome.
- static analysis
- means using traditional program analysis techniques to look for potential quality issues in code as it is being developed. Examples include type inference to look for potential misapplication of functions in scripting languages like JavaScript, and dataflow-based taint analysis that looks for potential dangers like injection attacks.
- testing
- comprises a variety of dynamic techniques that run Web applications, looking for quality problems. Within this scope, we are interested in techniques that enhance the effectiveness of testing by, e.g., generating test suites with improved coverage. Techniques that can dynamically detect issues like tainted data flows are of great interest as well.
- statistical techniques
- rely on comparing pieces of code to known examples of bad and good code, possibly based on features chosen to help distinguish such code. Such techniques can, conceptually, be either static or dynamic, working at the level of source code or runtime operations. We are especially interested in the application of machine learning in this domain.
- refactoring
- to improve software quality is beginning to be applied to scripting languages heavily used in Web applications. Given the dynamic and often idiosyncratic nature of such languages, a key question is what kinds of refactorings are desirable and how much scope there is to implement fully automatic systems.
- academic researchers
- have built many of the techniques currently employed for Web quality, and they continue to do foundational work across all the approaches. Such participants will share novel core ideas, and will gain empirical insights that other participants have.
- industry practitioners
- develop software and service offerings pertaining to Web quality; there have been an increasing wealth of such offerings recently, especially in the space of security. Such participants will share insights and challenges of how to get techniques used in real tools, and will learn novel ideas from researchers.
- browser developers
- write the code by which most people use Web applications. They have a unique perspective based on the kinds of techniques that can be employed to catch quality problems when the user sees them. They can help practitioners and researchers understand what kinds of tools and techniques can be most helpful.