G.A. Di Lucca

Testing Web applications

The rapid diffusion of Internet and open standard technologies is producing a significant growth of the demand of Web sites and Web applications with more and more strict requirements of usability, reliability, interoperability and security. While several methodological and technological proposals for developing Web applications are coining both from industry and academia, there is a general lack of methods and tools to carry out the key processes that significantly impact the quality of a Web application (WA), such as the validation & verification (V&V), and quality assurance. Some open issues in the field of Web application testing are addressed in this paper. The paper exploits an object-oriented model of a WA as a test model, and proposes a definition of the unit level for testing the WA. Based on this model, a method to test the single units of a WA and for the integration testing is proposed. Moreover, in order to experiment with the proposed technique and strategy, an integrated platform of tools comprising a Web application analyzer, a repository, a test case generator and a test case executor, has been developed and is presented in the paper. A case study, carried out with the aim of assessing the effectiveness of the proposed method and tools, produced interesting and encouraging results.

An approach to identify duplicated web pages

A relevant consequence of the expansion of the web and e-commerce is the growth of the demand of new web sites and web applications. As a result, web sites and applications are usually developed without a formalized process, and web pages are directly coded in an incremental way, where new pages are obtained by duplicating existing ones. Duplicated web pages, having the same structure and just differing for the data they include, can be considered as clones. The identification of clones may reduce the effort devoted to test, maintain and evolve web sites and applications. Moreover, clone detection among different web sites aims to detect cases of possible plagiarism. In this paper we propose an approach. based on similarity metrics, to detect duplicated pages in web sites and applications, implemented with HTML language and ASP technology. The proposed approach has been assessed by analyzing several web sites and Web applications. The obtained results are reported in the paper with respect to some case studies.

An approach to classify software maintenance requests

When a software system critical for an organization exhibits a problem during its operation, it is relevant to fix it in a short period of time, to avoid serious economical losses. The problem is therefore noticed by the organization in charge of the maintenance, and it should be correctly and quickly dispatched to the right maintenance team. We propose to automatically classify incoming maintenance requests (also said tickets), routing them to specialized maintenance teams. The final goal is to develop a router working around the clock, that, without human intervention, dispatches incoming tickets with the lowest misclassification error, measured with respect to a given routing policy. 6000 maintenance tickets from a large, multi-site, software system, spanning about two years of system in-field operation, were used to compare and assess the accuracy of different classification approaches (i.e., Vector Space model, Bayesian model, support vectors, classification trees and k-nearest neighbor classification). The application and the tickets were divided into eight areas and pre-classified by human experts. Preliminary results were encouraging, up to 84% of the incoming tickets were correctly classified.

WARE: a tool for the reverse engineering of Web applications

The development of Web sites and applications is increasing dramatically to satisfy the market requests. The software industry is facing the new demand under the pressure of a very short time-to-market and an extremely high competition. As a result, Web sites and applications are usually developed without a disciplined process: Web applications are directly coded and no, or poor, documentation is produced to support the subsequent maintenance and evolution activities, thus compromising the quality of the applications. This paper presents a tool for reverse engineering Web applications. UML diagrams are used to model a set of views that depict several aspects of a Web application at different abstraction levels. The recovered diagrams ease the comprehension of the application and support its maintenance and evolution. A case study, carried out with the aim of assessing the effectiveness of the proposed tool, allowed relevant information about some real Web applications to be successfully recovered and modeled by UML diagrams.

Migrating legacy systems towards object-oriented platforms

Presents an approach to migrate legacy systems to object-oriented platforms. The process consists of six sequential phases and encompasses reverse engineering and re-engineering activities. The aim of the reverse engineering phases is to decompose programs into components implementing user interface management and components implementing application domain objects. The identification of objects is centred around a persistent data store and exploits object-oriented design metrics. Wrapping techniques are the core of the re-engineering activities. They make new systems able to exploit existing resources, thus allowing an incremental and selective translation of the identified objects

Identifying cross site scripting vulnerabilities in Web applications

Cross site scripting (XSS) is a vulnerability of a Web application that is essentially caused by the failure of the application to check up on user input before returning it to the clients Web browser. Without an adequate validation, user input may include malicious code that may be sent to other clients and unexpectedly executed by their browsers, thus causing a security attack. Techniques to prevent this type of attacks require that all application input must be checked up and filtered, encoded, or validated before sending them to any user. In order to discover the XSS vulnerabilities in a Web application, traditional source code analysis techniques can be exploited. In this paper, in order to assess the XSS vulnerability of a Web application, an approach that combines static and dynamic analysis of the Web application is presented. Static analysis based criteria have been defined to detect potential vulnerabilities in the server pages of a Web application, while a process of dynamic analysis has been proposed in order to detect actual vulnerabilities. Some case studies have been carried out, giving encouraging results.

Comprehending Web applications by a clustering based approach

The number and complexity of Web applications are increasing dramatically to satisfy market needs, and the need of effective approaches for comprehending them is growing accordingly. Recently, reverse engineering methods and tools have been proposed to support the comprehension of a Web application; the information recovered by these tools is usually rendered in graphical representations. However, the graphical representations become progressively less useful with large-scale applications, and do not support adequately the comprehension of the application. To overcome this limitation, we propose an approach based on a clustering method for decomposing a Web application (WA) into groups of functionally related components. The approach is based on the definition of a coupling measure between interconnected components of the WA that takes into account both the typology and topology of the connections. The coupling measure is exploited by a clustering algorithm that produces a hierarchy of clustering. This hierarchy allows a structured approach for comprehension of the Web application to be carried out. The approach has been experimented with medium sized Web applications and produced interesting and encouraging results.

Assessing staffing needs for a software maintenance project through queuing simulation

We present an approach based on queuing theory and stochastic simulation to help planning, managing, and controlling the project staffing and the resulting service level in distributed multiphase maintenance processes. Data from a Y2K massive maintenance intervention on a large COBOL/JCL financial software system were used to simulate and study different service center configurations for a geographically distributed software maintenance project. In particular, a monolithic configuration corresponding to the customers point-of-view and more fine-grained configurations, accounting for different process phases as well as for rework, were studied. The queuing theory and stochastic simulation provided a means to assess staffing, evaluate service level, and assess the likelihood to meet the project deadline while executing the project. It turned out to be an effective staffing tool for managers, provided that it is complemented with other project-management tools, in order to prioritize activities, avoid conflicts, and check the availability of resources.

An approach for reverse engineering of web-based applications

The new possibilities offered by WEB applications are pervasively and radically changing several areas. WEB applications, compared to WEB sites, offer substantially greater opportunities: a WEB application provides the WEB user with a means to modify the site status. WEB applications must cope with an extremely short development/evolution life cycle. Usually, they are implemented without producing any useful documentation for subsequent maintenance and evolution, thus compromising the desired high level of flexibility, maintainability, and adaptability that is de-facto necessary to compete and survive to market shakeout. This paper presents an approach inspired by the reverse engineering arena and a tool prototype supporting WEB application reverse engineering activities, to help maintain, comprehend and evolve WEB applications. The approach defines a set of abstract views, modeled using UML diagrams, organized into a hierarchy of different abstraction levels, depicting several aspects of a WEB application to facilitate its comprehension. A real world WEB application was used as case study, and information previously not available was recovered, with encouraging results.

Considering browser interaction in Web application testing

As Web applications evolve, their structure may become more and more complex. Thus, systematic approaches/methods for Web application testing are needed. Existing methods take into consideration only those actions/events the user is prompted by the application itself, such as the selection of a hypertextual link or the submission of the data contained in a form. However, these methods do not consider also actions/events provided by the browser, such as the usage of backward and forward buttons, usage that in some cases may produce navigation inconsistencies. This paper proposes an approach to integrate existing testing techniques with a state-based testing devoted to discover possible inconsistencies caused by interactions with Web browser buttons. A testing model, considering the role of the browser while navigating a Web application, and some coverage criteria, are presented.