A Review on Web Application Testing and its Current Research Directions

ABSTRACT


INTRODUCTION
With the advent of internet revolution and the colossal rise in the development of web applications as well as their corresponding usage, it is becoming mandatory for quality testing of web applications. Web Application Testing is gaining importance given the major stake of economic relevance in the contemporary society. The cost of fixing a bug is directly proportional to the time of its discovery. The longer the time it takes to unearth a bug, the costlier it becomes to fix it as the software would have been distributed or under use by the customers [1].
The mammoth customer base and a global distribution of the customers in the case of web application testing (WAT), software bugs detected late proved pricy for the applications owners in the past and will continue to be in the future [1]. The versatility of web applications is a predominant feature which is making the testing of web applications a tough job [2][3][4]. However, high quality testing would always contribute in better customer retention and loyalty for web applications, thereby directly contributing to a thriving and sustaining business. The principal feature of web applications that differentiates it from traditional testing on desktop is that web applications are completely heterogeneous in nature at various levels [4], [5]. Features of web applications which discriminate them from customary desktop applications are highlighted in Figure 1.
The enormous customer base, a heterogeneous execution environment, heterogeneous languages used for component development, heterogeneous operating systems, faster maintenance rate, multi-tier architecture, transactional concurrency, dynamic state changes (like for e.g., pressing of back button on  [2]. Such complexities inherent with web applications make the testing of web applications a challenging job thus establishing a clear need for more sophistication in the WAT. To quote an example, PayPal had to pay huge compensation for its customers for a small service outage resulting from a faulty upgradation of its website [6].

Figure 1. Features of Web Applications
A focus on all the major web application testing challenges is presented in Section 2, different architectures proposed for web application testing earlier are consolidated in section 3, various models available for web application testing are presented in section 4, several methods, techniques for web application testing are presented in Section 5. Some of the top testing tools available for automated testing of web applications and a comparative study of the applications are presented in Section 6.

WEB APPLICATION TESTING CHALLENGES
With a unique set of characteristics for web applications, the challenges involved in testing them are also multi fold [7]. To unearth a failure, it is necessary to test the web application in a combination of input with state. With its close linkage to the environment in which it is running, web application testing poses critical challenges [1]. However the running environment has a predominant effect on the nonfunctional requirements like availability, performance, compatibility, stability, accessibility, usability, security etc. [1], [7][8][9]. Specifically, the heterogeneity involved in the various languages used, execution environments, technologies and operating system, make the testing of web applications a critical issue to handle [7]. An efficient test suite should comprise of a those set of test cases which perform coverage testing of all possible combination of parameters [45]. Some of the major testing challenges with web applications are presented in Figure 2. relationships Navigation, Request, Response and Redirect using which the testers comprehend the structures and dependencies among the various web application components. The Page Navigation Diagram (PND) and the Object State Diagram (OSD) are used for performing navigation testing and structural testing of web applications [17]. A navigation model of the transition of pages is constructed based on the hyperlinks present in the web pages. Dynamic requests of users are modeled separately [18].
Realistic Usage Model (RUM) has been proposed which is used by a Simple Work Load Model (SLM). SLM relies on simulating the number of users by observing the server logs and studying the user requests [19].

5.
WEB APPLICATION TESTING METHODOLOGY Different types of testing techniques like coverage testing, structural testing, statistical testing, combinatorial interaction testing, penetration testing, Search based software engineering testing, Unique Input/Output method using Genetic Algorithms [20], Web application Slicing [21], [22], Hierarchical testing [23], Bypass testing, Cross Browser compatibility testing [24], Leveraging User session Data Testing have been presented by various researchers in the context of web application testing [37]. a. Structural Testing -Data flow analysis on web applications is performed and model for testing the application is built dynamically. b. Statistical Testing -Input Sequence is generated to test the interactions with web applications based on the profile use of the web application. c. Mutation Testing -The technique of introducing faulty code (called mutants) into the source code deliberately at predetermined points and testing the software to uncover any unknown errors. It is one of the effective coverage criterion techniques for testing of web applications [46]. d. Combinatorial Interaction Testing -Using a combination of different techniques by first designing a unique input space matrix for the web application e. Penetration Testing -Automated tests which are run simulating the active attacks to expose the susceptibilities of the web applications. f. Search Based Software Engineering Testing -Exploration of solutions within a state space and calculating a fitness function to the solution iteratively until we arrive at a most optimal solution. The technique is employed for branch coverage of web applications. g. Using UIO and Genetic Algorithms -Path selection is done based on a unique input/output (UIO) algorithm and automatic test case generation using Genetic Algorithms which results in the best test sequences. h. GUI Interaction Testing -GUI widgets events sequences are performed and the web application tested for correctness by observing the state of the GUI widgets. i. Web Application Slicing -Reduced web application which behaves completely as the original one with respect to some criterion and performing the testing. j. Cross Browser Compatibility testing -Subjecting web applications to deployment across different browsers for adherence to expected results. k. Hierarchical Strategy -High level operational profile is developed enumerating frequency of use of operations and a high level function group to thoroughly test such an operation or related components is done. l. Bypass Testing -Bypass client side checking by providing invalid inputs to web application to check correctness and security of the web application. m. Leveraging User Session Data -Test cases are generated by applying strategies to collected user interactions in the form of URL's and name-value pairs. n. Browser Fuzzing By Scheduled Mutation -Browsers are validated by using the static and dynamic ways, the former based on the input format while the latter randomly executing instructions giving one input at a time. o. Invariant Based Technique -Testing the web application by crawling the web pages, and formally designing a state flow graph with all the possible user interaction sequences resulting in the possible user interface states. p. Model Based Testing Technique -Web application is reduced to a state transition graph and navigation through links is tested to ascertain correct behavior of the web application. A complete code coverage for any application assures thorough testing and higher probability of catching defects but the tester has to leverage upon the cost involved in complete code coverage verses the number of defects unearthed. A plethora of code coverage tools are available both open source and licensed for testing the web applications. A brief summary of all the various methods or techniques is presented in Table 1. A detailed study of each of the above mentioned techniques and their future research directions are consolidated in Table 2. The research directions highlighted in the table are directions in which the presenters of the respective work are heading towards. The technique needs to expand to cater to the languages supporting dynamic types and automation to simulate client side responses. [34] 7 Using UIO and Genetic Algorithms Scope for automation of input values which are manually provided by the tester. [20]

GUI Interaction Testing
Varied test lengths to be augmented and more automation to come up with partition making automated. [35] 9 Web Application Slicing Automation to build completely automated regression testing using the slicing method along with an improvisation in the selection of test cases.
[21], [22] 10 Cross Browser Compatibility Testing Development of a larger catalog of known DOM level differences between various browsers and automation for detecting differences between various browsers not listed at DOM level. [24] 11 Hierarchical Strategy Validation of approach by deploying it in the industry.
[23] 12 Bypass Testing Development of some automated framework to develop automated bypass tests. [36]

Leveraging User Session Data
Combination of traditional testing techniques and user-session data to be pursued further. Techniques for filtering user sessions and clustering algorithms can further be explored for taking the initial set of user sessions. Cost Effectiveness against traditional testing stands to be estimated and compared.
[37], [38] 14 Browser Fuzzing By Scheduled Mutation Development of a reproducing mechanism for recording crash input as it is difficult to record persistent information for browser fuzzing. New Seeds and methods to achieve more crashes. [39] 15 Invariant Based Technique Work needs to progress on how to capture user session data and expanding it to larger applications. [2] 16

Model Based Testing Technique
Need for the development of multiple tools and techniques to enhance adaptability. [40]

TOOLS FOR WEB APPLICATION TESTING
A review of some of the automated testing tools and the type of testing supported by the tools led the survey to some interesting facts that there are not many tools available for testing the non-functional  Table 3. A comparative study of the tools is presented in Table 3.

RESULTS AND ANALYSIS
There is a need for the development and devise of a new metric to indicate the health of a web application. A plotting (considering only the tools under study) of the no. of tools vs the type of testing supported by each tool is presented in Figure 3. It is evident that there are not many tools testing the nonfunctional attributes of web applications like reliability, trustworthiness, and fault tolerance are not readily available. There is still however a dearth for open source tools using mutation analysis techniques which can perform automated test case execution based on mutation analysis while optimizing the test suite.

CONCLUSIONS
Tools for assessing the non-functional requirements in general are less where non-functional requirements actually play a key role in customer retention and popularity of the web application. Specifically non-functional requirements like usability, compatibility are absolutely in oblivion when it comes to testing. It is observed that with the web making a paradigm shift to the web services like SOAP, REST, and WSDL et.al. Compatibility testing of web applications is quite challenging and an area of growing concern where not much progress is seen in the earlier works. There is a dire need for a testing strategy for testing such non-functional requirements. Proposal of a metric to test the adequacy of test suite for exhaustive testing of a web application is the need of the hour. A metric to indicate the overall health of a web application needs to be proposed.
There is a need for development of a framework to support automated testing of a web application for the proposed strategy. With the entire web moving towards cloud based services, at the next level it is important to explore the testing of web applications on cloud. A panoramic view of testing web applications shows a need for a testing tool that can be deployed online in order to observe the dynamic behavior of web applications, as it is always difficult to catch such bugs as the web applications are often tested on standalone tools. The potential of testing techniques like mutation testing has not been completely tapped with testing web applications. There is a lot of scope to expand the horizons of mutation testing technique with web applications and unleashing its real potential. There is scope for the proposal and validation of some additional mutation operators pertaining to challenges like session management, cookie management where different languages like jsp, python can be explored to present more operators for mutating the web applications. Scope for optimization of regression test suites using appropriate techniques still exists. IJECE ISSN: 2088-8708 