Write a Blog >>
ESEC/FSE 2021
Thu 19 - Sat 28 August 2021 Clowdr Platform
ESEC/FSE 2021 (series) / Research Papers /

Understanding and Detecting Server-Side Request Races in Web Applications

Artifacts Available
Zhengyi Qiu, Shudi Shao, Qi Zhao, Guoliang Jin
ESEC/FSE 2021 Research Papers
Wed 25 Aug 2021 11:20 - 11:30 - Testing—Debugging 1 Chair(s): Panos Louridas
Wed 25 Aug 2021 23:20 - 23:30 - Testing—Debugging 1 Chair(s): Yiling Lou

Modern web sites often run web applications on the server to handle HTTP requests from users and generate dynamic responses. Due to their concurrent nature, web applications are vulnerable to server-side request races. The problem becomes more severe with the ever-increasing popularity of web applications.

We first conduct a comprehensive characteristic study of 157 real-world server-side request races collected from different, popular types of web applications. The findings of this study can provide
guidance for future development support in combating server-side request races.

Guided by our study results, we develop a dynamic framework, ReqRacer, for detecting and exposing server-side request races in web applications. We propose novel approaches to model happens-before relationships between HTTP requests, which are essential to web applications. Our evaluation shows that ReqRacer can effectively and efficiently detect known and unknown request races.

https://doi.org/10.1145/3468264.3468594
Zhengyi Qiu
Zhengyi Qiu
North Carolina State University
United States
small-avatar
Shudi Shao
North Carolina State University
United States
small-avatar
Qi Zhao
North Carolina State University
United States
Guoliang Jin
Guoliang Jin
North Carolina State University
United States

Wed 25 Aug

Displayed time zone: Athens change

11:00 - 12:00
Testing—Debugging 1Research Papers +12h
Chair(s): Panos Louridas Athens University of Economics and Business
11:00
10m
Paper
Demystifying “Bad” Error Messages in Data Science Libraries
Research Papers
Yida Tao Shenzhen University, Zhihui Chen Shenzhen University, Yepang Liu Southern University of Science and Technology, Jifeng Xuan Wuhan University, Zhiwu Xu Shenzhen University, Shengchao Qin Teesside University
DOI
11:10
10m
Paper
NIL: Large-Scale Detection of Large-Variance Clones
Research Papers
Tasuku Nakagawa Osaka University, Yoshiki Higo Osaka University, Shinji Kusumoto Osaka University
DOI Pre-print
11:20
10m
Paper
Understanding and Detecting Server-Side Request Races in Web ApplicationsArtifacts Available
Research Papers
Zhengyi Qiu North Carolina State University, Shudi Shao North Carolina State University, Qi Zhao North Carolina State University, Guoliang Jin North Carolina State University
DOI
11:30
30m
Live Q&A
Q&A (Testing—Debugging 1)
Research Papers

23:00 - 00:00
Testing—Debugging 1Research Papers
Chair(s): Yiling Lou Purdue University
23:00
10m
Paper
Demystifying “Bad” Error Messages in Data Science Libraries
Research Papers
Yida Tao Shenzhen University, Zhihui Chen Shenzhen University, Yepang Liu Southern University of Science and Technology, Jifeng Xuan Wuhan University, Zhiwu Xu Shenzhen University, Shengchao Qin Teesside University
DOI
23:10
10m
Paper
NIL: Large-Scale Detection of Large-Variance Clones
Research Papers
Tasuku Nakagawa Osaka University, Yoshiki Higo Osaka University, Shinji Kusumoto Osaka University
DOI Pre-print
23:20
10m
Paper
Understanding and Detecting Server-Side Request Races in Web ApplicationsArtifacts Available
Research Papers
Zhengyi Qiu North Carolina State University, Shudi Shao North Carolina State University, Qi Zhao North Carolina State University, Guoliang Jin North Carolina State University
DOI
23:30
30m
Live Q&A
Q&A (Testing—Debugging 1)
Research Papers