Cybersecurity

BugBuster automatically finds bugs in applications

Published 4 June 2013

To overcome problems associated with using Web sites, problems which range from the annoying to those which inflict severe financial pain on large companies, the Swiss start-up BugBuster has developed the first intelligent tool which finds out on its own how to interact with an application whose code it tests according to various possible scenarios. It reports the problems to designers as screen captures.

The robot, currently available in beta form, will save a lot of time for designers and provides increased reliability.

An École polytechnique fédérale de Lausanne (EPFL) release reports that this week, two of the designers of this technology from the Operating Systems Laboratory of EPFL, Olivier Crameri and Renault John-Lecoultre, will present their system in the United States at two major conferences.

How does a designer ensure that an entire application, which can contain hundreds of screens, is working properly? Testing Web sites still poses problems for Web developers because existing tools are incomplete and full of loopholes. For each change to a small part of the code, it is necessary to test functionality and ensure that it does not cause collateral damage to the site. The start-up’s first product allows developers to combine the automatic exploration of the technical elements with an intuitive JavaScript API for specifying functional properties.

To see the application, simply enter the URL on the company’s Web site and press “start.” The automatic and intelligent explorer analyzes the source code and guesses where to click and what values to enter in order to maximize code coverage. It then identifies the bugs on screen captures, and provides detailed information for debugging.

When the system reports an error — that is precisely what it is. “False positives are not possible. This level of reliability brings a considerable savings of time,” said Olivier Crameri.

The system works on a subscription basis for a particular Web site, and can also test mobile applications. It supports all HTML5 applications. Distributed via the “cloud,” it will be commercially released in a few months.

The release notes that until now, no test has been available that can validate, for example, all the possibilities when it comes to an application in which user interaction is required, as with filling out a form. The strategy is to schedule the test scenarios, which are long and tedious to write, considering that the user clicks here and there…, and then to replay each change automatically. “Via the integration of a few simple lines of code, the new bug hunter can solve this problem and systematically test all possibilities,” the app designers say.