Since many businesses are relying on the World Wide Web for interactive customer orders and as a means of advertising product information, it is crucial for a web application to meet the high quality and maintenance standards that are expected by clients. With technology advancing and the interactive highway more accessible, web applications are becoming more complex and widely used. Therefore, it is necessary to be able to test the quality of web sites thoroughly and frequently.

Testing is generally divided into two categories of black box and white-box testing. Black box testing focuses on testing the functional requirements of a program without looking at the internal structure of the program while white-box testing focuses on the internal structure (source code) of a program to derive test cases. To make things easier to understand, Black box testing is concerned with what the program does whereas white-box testing is concerned with how the program does it. Both testing techniques are important in assuring the reliability of an application. Several testing tools are available that aim to test the functionality of an application. Very few, however, have focused testing concerns on the structural features of a web application.

Web Testing Project

The purpose of our project was to get a better understanding of the characteristics of scripting programs and direct our research towards structural testing of web-based programs. In order to familiarize myself with testing, I read multiple articles concerning testing in general. I found articles that explained white-box testing, black box testing and the different types of coverage techniques used to accomplish those testing goals. I searched for articles that described the client-server relationship and tried to figure out how they work together through web applications (dynamic and static).

I searched the web for available tools that test web applications and used the descriptions and/or actual tool (if it was available as a trial or for free) to make a basic outline of what testing tools do. Some of the tools that I found include load and performance testing tools ( program), link checking (Linklint), HTML (code) validators (W3C), and regression testing tools. There was/is an abundance of different tools available that will automate functional testing, however, structural testing tools are not widely available. One tool that I was interested in looking into was WebKing. WebKing is a web testing tool that claims that white box testing the source code is one of it's many capabilities. I was able to get a description of the product but, unfortunately, it was not available for trial. I used the tools that I could get to source code to get a better understanding of not only what they do, but how they work as well.

I gathered as many web testing literary materials as I could and by sifting through them, we (Lori, Amie and I) found one article that described a structural testing web tool. Ricca and Tonella described what they called ReWeb and TestWeb in their article Building a Tool for the Analysis and Testing of Web Applications: Problems and Solutions. ReWeb was designed to make a model of the web application and conduct some minor analysis, and from the model that was created by ReWeb, TestWeb could generate and execute test cases. This article explained some of the issues related to building a web analysis and testing tool and described the tool that they were designing. Unfortunately, their tool is semi-automatic and requires user inputs in order to function properly. They also left out, or maybe they didn't get to that point in their research, a clear description of what TestWeb is and how it works.

I used the references cited in Ricca and Tonella's article to gather more related articles. Most of the other articles were helpful, but they did not do too much in the way of describing a structural approach towards testing web applications. However, Chien-Hung Liu, David C. Kung , Pei Hsia and Chih-Tung Hsu wrote an article titled Structural Testing of Web Applications in which they did discuss an approach for structural testing web applications using data flow techniques. They have not done much in creating the tool, but their approach included creating a diagram of the application and using control flow techniques for determining def-use pairs within an object, across objects and multiple clients accessing the same page with different inputs. In their paper, they used the term object to represent a page and the diagram was to depict objects and their relationships.

We decided to lead our research towards creating an automatic test case generator that would take in source code as input and create feasible test cases. I gathered test case generation documents and read through them. TestWeb's test case generator was not completely automatic. It asked the user to choose a test criterion, specify the page type (static or dynamic with no input) in the UML model if the distinction was not made automatically and enter inputs for all of the dynamic pages that require inputs. Our plan is to eventually construct a tool that will make generating test cases to structurally test a web application automatic.

One of the issues related to testing web pages is multiple languages. I started to write a program that would gather statistics for us. The purpose of this program was to count the number of loops, conditionals and functions within the program as well as to determine whether or not there was JavaScript or VBScript embedded within the document and detect forms and frames. This program was extended to determine what language the program was written in. It recognizes programs written in perl, python, ASP or PHP. To do that, I had to get a better understanding of the languages that are most used in web applications. I drew a picture of the client-server relationship and wrote the languages used on either side under the drawing. Lori later gave me a more detailed one that she drew while at a talk. I made a LaTeX file describing all of the languages that I mapped out and wrote in small examples of the code. This part in the program is now working, but there is more things that need to be considered. Right now it only determines what language the program is written in, but I plan on creating subroutines that will take comments specific for those languages into consideration when examining the code.

This program was also extended to determine declarations. It works well for some declarations, but not all. Some of the problems with this include data variables that are defined implicitly (without a declaration type). I also have to get it to read in HTML input elements correctly. Currently, this part of the program finds variables defined in JavaScript using var and ASP/VBScript using Dim and keeps track of the line number of the definition and the actual defined variable. Eventually, I am hoping to get this to work and use the variables to search for where those variables are used.

With these statistics, we hope to design a tool that will take all these languages into account. Testing web applications is a very complicated task. There are many issues involved that should be considered when developing a test tool. Multiple languages is just one of the many. There can be complications even when one language is used. Nowadays, they have applications that can be used to create a web page without actually writing the code, which, nevertheless, can create different dialects of the same language in which ambiguous code becomes a problem. Dynamic pages that require user input and cookies that can alter the appearance of the page are two more complications that pose a problem when creating a testing tool.


White box testing web applications is still in its infancy when it comes to both the research and business worlds. Many researchers have proposed plans or noted the complications involved with developing a feasible approach towards creating a tool that will automate structural testing, but white box testing still remains mostly a manual process.

Top-line businesses such as JPMorgan use a manual approach for structurally testing the source code of their web applications. Code developers are required to come up with test cases manually that will ``white-box'' test their programs. Some of the professional tools that JPMorgan exploits for testing web applications consist of Mercury Interactive's LoadRunner (a load testing tool that predicts system behavior and performance) and WinRunner (verifies that applications work as expected), and Rational Software's Rational Rose (provides visual modeling). All three of these tools focus on testing the functionality of an application. As for structurally testing web applications from a research perspective, researchers have also not come up with a completely automatic tool that is able to white box test a web site.

Our plan is to step-by-step determine a feasible approach towards creating a structural testing tool that is capable of testing web applications. We plan on comparing techniques that have been used or proposed and taking our knowledge of that and the issues to develop a tool that will make this side of testing automatic.

Main Menu