Reverse Engineering Web Applications
Reverse engineering Web applications: the WARE approach
Giuseppe A. Di Lucca, Anna Rita Fasolino, Porfirio Tramontana:
Reverse engineering Web applications: the WARE approach. J. Softw. Maintenance Res. Pract. 16(1-2): 71-101 (2004)
The rapid, progressive diffusion of Web applications in several productive contexts of our modern society is laying the foundations of a renewed scenario of software development, where one of the emerging problems is that of defining and validating cost‐effective approaches for maintaining and evolving these software systems.
Due to several factors, the solution to this problem is not straightforward. The heterogeneous and dynamic nature of components making up a Web application, the lack of effective programming mechanisms for implementing basic software engineering principles in it, and undisciplined development processes induced by the high pressure of a very short time‐to‐market, make Web application maintenance a challenging problem. A relevant issue consists of reusing the methodological and technological experience in the sector of traditional software maintenance, and exploring the opportunity of using reverse engineering to support effective Web application maintenance.
This paper presents an approach for defining reverse engineering processes involving Web applications. The approach has been used to implement a process, including reverse engineering methods and a supporting software tool, that helps to understand existing undocumented Web applications to be maintained or evolved, through the reconstruction of UML diagrams. The proposed reverse engineering process has been submitted to a validation experiment, the results of which showed the usability of the process for reverse engineering Web applications with different characteristics, and highlighted possible areas for improvement of its effectiveness. The experiment and the lessons learned from it are presented in the paper.
WARE is a tool for reverse engineering web applications. UML diagrams are used to model a set of views that depict several aspects of a web application at different abstraction levels. The recovered diagrams ease the comprehension of the application and support its maintenance and evolution.
WARE was developed with Microsoft Visual Basic 6.0, Microsoft Visual C++ 6.0 and Microsoft Access 97. It was completed in 2002.
WARE: A Tool for the Reverse Engineering of Web Applications
The development of Web sites and applications is increasing dramatically to satisfy the market requests. The software industry is facing the new demand under the pressure of a very short time-to-market and an extremely high competition. As a result, Web sites and applications are usually developed without a disciplined process: Web applications are directly coded and no, or poor, documentation is produced to support the subsequent maintenance and evolution activities, thus compromising the quality of the applications. This paper presents a tool for reverse engineering Web applications. UML diagrams are used to model a set of views that depict several aspects of a Web application at different abstraction levels. The recovered diagrams ease the comprehension of the application and support its maintenance and evolution. A case study, carried out with the aim of assessing the effectiveness of the proposed tool, allowed relevant information about some real Web applications to be successfully recovered and modeled by UML diagrams.
Reverse Engineering Web Applications
Reverse Engineering Web Applications. ICSM 2005: 705-708
The heterogeneous and dynamic nature of components making up a Web application, the lack of effective programming mechanisms for implementing basic software engineering principles in it, and undisciplined development processes induced by the high pressure of a very short time-to-market, make Web application maintenance a challenging problem. A relevant issue consists of reusing the methodological and technological experience in the sector of traditional software maintenance, and exploring the opportunity of using reverse engineering to support effective Web application maintenance. This article presents an approach for reverse engineering Web applications. The approach includes the definition of reverse engineering methods and supporting software tools that help to understand existing undocumented Web applications to be maintained or evolved, through the reconstruction of UML diagrams. Some validation experiments have been carried out and they showed the usefulness of the proposed approach and highlighted possible areas for improvement of its effectiveness.
Reverse Engineering Web Applications Using the Ware Tool
Giuseppe A. Di Lucca, Anna Rita Fasolino, Porfirio Tramontana, Ugo de Carlini:
Reverse Engineering Web Applications Using the Ware Tool. Tools for Software Maintenance and Reengineering 2005: 116-140
Comprehending Web Applications by a Clustering Based Approach
Giuseppe A. Di Lucca, Anna Rita Fasolino, F. Pace, Porfirio Tramontana, Ugo de Carlini:
Comprehending Web Applications by a Clustering Based Approach. IWPC 2002: 261-270
The number and complexity of Web applications are increasing dramatically to satisfy market needs, and the need of effective approaches for comprehending them is growing accordingly. Recently, reverse engineering methods and tools have been proposed to support the comprehension of a Web application; the information recovered by these tools is usually rendered in graphical representations. However, the graphical representations become progressively less useful with large-scale applications, and do not support adequately the comprehension of the application. To overcome this limitation, we propose an approach based on a clustering method for decomposing a Web application (WA) into groups of functionally related components. The approach is based on the definition of a coupling measure between interconnected components of the WA that takes into account both the typology and topology of the connections. The coupling measure is exploited by a clustering algorithm that produces a hierarchy of clustering. This hierarchy allows a structured approach for comprehension of the Web application to be carried out. The approach has been experimented with medium sized Web applications and produced interesting and encouraging results.
Towards a Better Comprehensibility of Web Applications: Lessons Learned from Reverse Engineering Experiments
Giuseppe A. Di Lucca, Anna Rita Fasolino, Porfirio Tramontana:
Towards a Better Comprehensibility of Web Applications: Lessons Learned from Reverse Engineering Experiments. WSE 2002: 33-42
The rapid diffusion of the Internet has triggered a growing request for new Web sites and Web applications (WA). Due to the pressing market demand, new WAs are usually developed in a very short time, while existing WAs are modified frequently and quickly. In these conditions, well-known software engineering principles are not usually applied, and well-defined software processes and methodologies are rarely adopted. As a consequence, WAs usually present disordered architectures, poor or non-existing documentation, and can be analyzed, comprehended and modified only with considerable effort. Reverse engineering methods and tools are being proposed to reduce the effort required to comprehend existing WAs and to support their maintenance and evolution. In this paper, the experimentation of a reverse engineering approach is described. Experimentation was carried out with the aim of assessing which characteristics of a WA mostly affect comprehensibility. The results of the experiments highlighted a set of techniques and best practices that should be applied for producing the best analyzable and maintainable WAs. These best practices are illustrated in the paper.
Recovering a Business Object Model from Web Applications
Giuseppe A. Di Lucca, Anna Rita Fasolino, Porfirio Tramontana, Ugo de Carlini:
Recovering a Business Object Model from Web Applications. COMPSAC 2003: 348-
The growing market request for Web applications is forcing software industries to produce applications under the pressure of a short time-to-market and a strong competition, with the consequence that low quality and poorly documented software is often produced. Maintaining, evolving or comprehending these applications are not straightforward tasks, and reverse engineering processes should be defined and validated to support them. In this paper a reverse engineering approach for reconstructing an object-oriented conceptual model of the application domain of a Web application is presented. The proposed approach defines a process that reconstructs the model in three steps. In each step, heuristic criteria exploiting source code analysis are used for the identification of objects and their relationships. Tools for implementing this method have been produced, and experiments for validating it have been carried out with the support of case studies. Experimental results showed the feasibility and the effectiveness of the proposed approach.
Abstracting Business Level UML Diagrams from Web Applications
Giuseppe A. Di Lucca, Anna Rita Fasolino, Porfirio Tramontana, Ugo de Carlini:
Abstracting Business Level UML Diagrams from Web Applications. WSE 2003: 12-19
In this paper, a reverse engineering approach for reconstructing UML diagrams at business level of the application domain of a Web application is presented. In particular, the approach allows the reconstruction of the UML class diagram providing an object-oriented conceptual model of the application domain, sequence diagrams modeling the interactions among the identified business objects and use case diagrams modeling the user functionalities provided by the Web Application. Heuristic criteria exploiting source code analysis are used for recovering the diagrams. Tools for implementing these criteria have been produced, and experiments for validating them have been carried out with the support of case studies. Experimental results showed the feasibility and the effectiveness of the proposed approach.
Supporting Concept Assignment in the Comprehension of Web Applications
Giuseppe A. Di Lucca, Anna Rita Fasolino, Porfirio Tramontana, Ugo de Carlini:
Supporting Concept Assignment in the Comprehension of Web Applications. COMPSAC 2004: 492-497
An approach providing automatic support in the assignment of concepts to documents recovered by reverse engineering Web applications is presented. Web pages composing Web applications usually include relevant textual information from the domain of the application, while different editing formats are used for emphasising to the end users the various concepts provided by the pages. The proposed concept assignment approach exploits both the textual information contained in the Web pages, and the editing format used to display it in order to identify automatically a set of candidate concepts describing a Web page or a set of pages. These concepts can be used by maintainers involved in the task of assigning a meaning to software artefacts recovered by reverse engineering the Web applications. Validation experiments carried out with Web applications selected from the real world showed the validity of the proposed approach. The experimental results are presented in the paper.
Web Pages Classification using Concept Analysis
Giuseppe A. Di Lucca, Anna Rita Fasolino, Porfirio Tramontana:
Web Pages Classification using Concept Analysis. ICSM 2007: 385-394
Analysis and classification of Web application user interfaces is a relevant problem in Web maintenance processes. This paper presents an approach for the reliable classification of HTML pages of a dynamic Web application. The approach is based on the assumption that groups of semantically equivalent built pages are characterized by the same key features which can be used for discriminating the pages. These features are obtained by an iterative process that exploits formal concept analysis for finding features that are specific for each class of pages. The process is supported by a toolkit that allows an effective definition of the discriminating features. The approach has been preliminarily validated with an experiment that produced encouraging results.
Recovering Interaction Design Patterns in Web Applications
Giuseppe A. Di Lucca, Anna Rita Fasolino, Porfirio Tramontana:
Recovering Interaction Design Patterns in Web Applications. CSMR 2005: 366-374
In the last years, appropriate user interaction design patterns for Web applications have been defined to improve the development and quality of such applications. Identifying which interaction design patterns are implemented in the Web client pages of an existing application may make easier some maintenance tasks, such as the re-engineering of the user interfaces. In this paper a method to support the automatic identification of interaction design patterns implemented in a Web client page is proposed. The method is based on reverse engineering techniques aiming to search the page code for those features characterizing a pattern.
A Tool-Supported Process for Reliable Classification of Web Pages
Domenico Amalfitano, Anna Rita Fasolino, Porfirio Tramontana:
A Tool-Supported Process for Reliable Classification of Web Pages. FGIT-ASEA 2009: 338-345
Reliable classification of Web Application User Interfaces for the aim of extracting specific data for each class of interfaces is a fundamental task in migration, testing and reverse engineering processes involving existing Web Applications. A feasible and reliable classification approach is the one that exploits combinations of Web pages structural features for discriminating the page equivalence class. This paper presents a technique based on an iterative process that allows classification rules composed of Web pages structural features to be deduced in dynamically generated web pages. The process is supported by a tool that partially automates the process steps. In order to assess the process feasibility and cost effectiveness, a case study addressing the problem of generating classification rules for a real Web application has been carried out.
Reverse engineering techniques: From web applications to rich Internet applications
Porfirio Tramontana, Domenico Amalfitano, Anna Rita Fasolino:
Reverse engineering techniques: From web applications to rich Internet applications. WSE 2013: 83-86
Web systems evolved in the last years starting from static websites to Web applications, up to Ajax-based Rich Internet Applications (RIAs). Reverse Engineering techniques followed the same evolution, too. The authors and many other WSE contributors proposed a lot of innovative and effective ideas providing important advances in the reverse engineering field. In this paper, we will show the historical evolution of reverse engineering approaches for Web Systems with particular attention to the ones presented in the WSE events.
Identifying reusable components in web applications
Giuseppe A. Di Lucca, Anna Rita Fasolino, Porfirio Tramontana, Ugo de Carlini:
Identifying reusable components in web applications. IASTED Conf. on Software Engineering 2004: 526-531
The growing market request for Web Applications is forcing software industries to produce applications under the pressure of a short time-to-market and a strong competition, with the consequence that low quality and poorly documented software is often produced. Maintaining, evolving or comprehending these applications are not straightforward tasks, and reverse engineering processes should be defined and validated to support them. In this paper a reverse engineering approach for reconstructing an object-oriented conceptual model of the application domain of a Web Application is presented. The proposed approach defines a process that reconstructs the model in three steps. In each step, heuristic criteria exploiting source code analysis are used for the identification of objects and their relationships. Tools for implementing this method have been produced, and experiments for validating it have been carried out with the support of case studies. Experimental results showed the feasibility and the effectiveness of the proposed approach.
Evaluation Methods for Web Application Clustering
Evaluation Methods for Web Application Clustering. WSE 2003: 33-40
Clustering of the entities composing a Web application (static and dynamic pages) can be used to support program understanding. However, several alternative options are available when a clustering technique is designed for Web applications. The entities to be clustered can be described in different ways (e.g., by their structure, by their connectivity, or by their content), different similarity measures are possible, and alternative procedures can be used to form the clusters. The problem is how to evaluate the competing clustering techniques in order to select the best for program understanding purposes. In this paper, two methods for clustering evaluation are considered, the gold standard and the task oriented approach. The advantages and disadvantages of both of them are analyzed in detail. Definition of a gold standard (reference clustering) is difficult and prone to subjectivity. On the other side, an evaluation based on the level of support given to task execution is expensive and requires careful experimental design. Guidelines and examples are provided for the implementation of both methods.
Testing Web Applications
A Technique for Reducing User Session Data Sets in Web Application Testing
Giuseppe A. Di Lucca, Anna Rita Fasolino, Porfirio Tramontana:
A Technique for Reducing User Session Data Sets in Web Application Testing. WSE 2006: 7-13
Exploiting user session data is a promising approach for testing a Web application. However, the effectiveness of user session testing techniques depends on the set of collected user session data: the wider this set, the greater the capability of the approach to detect failures, but the wider the user session data set, the greater the cost of collecting, analysing and storing data. In this paper, a technique for reducing a set of user sessions into an equivalent smaller one will be proposed. This technique allows equivalent user behaviours included in user sessions to be identified and classified, and produces a reduced set of user sessions that can be used to design test suites with a reduced effort. Some preliminary case studies were carried out to validate the proposed technique and to evaluate its effectiveness. Results of a case study will be presented in the paper.
Web application testing in fifteen years of WSE
Anna Rita Fasolino, Domenico Amalfitano, Porfirio Tramontana:
Web application testing in fifteen years of WSE. WSE 2013: 35-38
Over the last fifteen years, Web applications have evolved from the early simple and hyper-text based ones into the more complex, interactive, usable and adaptive applications of the new generations. New paradigms, architectures, and technologies for developing Web-based systems continuously emerge and transform this specific context. At the same time, new techniques and tools for effectively testing them have been proposed. This paper reports some relevant contributions about the Web application testing topic that appeared in the past editions of the Web Systems Evolution international symposium (WSE) and discusses some future trends for this specific field.
Accessibility of Web Applications
Improving Usability of Web Pages for Blinds
Carmine Cesarano, Anna Rita Fasolino, Porfirio Tramontana:
Improving Usability of Web Pages for Blinds. WSE 2007: 97-104
Warranting the access to Web contents to any citizen, even to people with physical disabilities, is a major concern of many government organizations. Although guidelines for Web developers have been proposed by international organisations (such as the W3C) to make Web site contents accessible, the wider part of today's Web sites are not completely usable by people with sight disabilities. In this paper, two different approaches for dynamically transforming Web Pages into Aural Web Pages, i.e. pages that are optimised for blind people, will be presented. The approaches exploit heuristic techniques for summarising Web pages contents and providing them to blind users in order to improve the usability of Web sites. The techniques have been validated in an experiment where usability metrics have been used to assess the effectiveness of the Web page transformation techniques.
Web Site Accessibility: Identifying and Fixing Accessibility Problems in Client Page Code
Giuseppe A. Di Lucca, Anna Rita Fasolino, Porfirio Tramontana:
Web Site Accessibility: Identifying and Fixing Accessibility Problems in Client Page Code. WSE 2005: 71-78
Web accessibility is an important issue to address along Web application development. Accessibility aims to allow the access to the content of the Web application even in presence of reduced hardware/software configurations on the client side of the application (such as browser configurations disabling graphical visualization, or scripting execution), or of users with physical disabilities (such as blind people). Some guidelines and rules have been defined by several organizations to grant and assess Web accessibility. This paper presents an approach to verify if the code of client pages of an existing application does not meet some accessibility rules or guidelines, making the application not accessible to some groups of users. A model representing the several features involved in the identification of accessibility problems that client page code may contain has been defined. This model is mainly based on the recent Web Content Accessibility Guidelines 2.0 Working Draft. A tool supporting the accessibility analysis and the fixing of the identified problems has been developed. Results from a case study carried out by using the proposed approach are presented and discussed.
Ten years of access for all from WSE 2001 to WSE 2011
Holger M. Kienle, Porfirio Tramontana, Scott R. Tilley, Davide Bolchini:
Ten years of access for all from WSE 2001 to WSE 2011. WSE 2011: 99-104
At WSE 2001 the theme was Access for All. A decade later, this theme is revisited for WSE 2011. We take this opportunity to discuss the past, present, and future of Web accessibility. Five representative categories of Web accessibility are considered: accommodating disabilities, Web literacy, user interfaces, lingual barriers, and open data.
Web Applications Security
Identifying Cross Site Scripting Vulnerabilities in Web Applications
Giuseppe A. Di Lucca, Anna Rita Fasolino, M. Mastoianni, Porfirio Tramontana:
Identifying Cross Site Scripting Vulnerabilities in Web Applications. WSE 2004: 71-80
Cross site scripting (XSS) is a vulnerability of a Web application that is essentially caused by the failure of the application to check up on user input before returning it to the client's Web browser. Without an adequate validation, user input may include malicious code that may be sent to other clients and unexpectedly executed by their browsers, thus causing a security attack. Techniques to prevent this type of attacks require that all application input must be checked up and filtered, encoded, or validated before sending them to any user. In order to discover the XSS vulnerabilities in a Web application, traditional source code analysis techniques can be exploited. In this paper, in order to assess the XSS vulnerability of a Web application, an approach that combines static and dynamic analysis of the Web application is presented. Static analysis based criteria have been defined to detect potential vulnerabilities in the server pages of a Web application, while a process of dynamic analysis has been proposed in order to detect actual vulnerabilities. Some case studies have been carried out, giving encouraging results.
Research Directions in Web Site Evolution II: Web Application Security
Porfirio Tramontana, Thomas R. Dean, Scott R. Tilley:
Research Directions in Web Site Evolution II: Web Application Security. WSE 2007: 105-106
The growth of inexpensive bandwidth and the maturation of Web development technology have enabled a significant adoption of Web-based applications for interactions between customers and business, between businesses, and between citizens and institutions. However, those same improvements in bandwidth and corresponding rise in Web system complexity have also been of use to those with malicious intent. Thus Web security (the applications and the site itself) is of increasing importance to academics, industry, and government. This working session is meant to stimulate discussion among all symposium participants related to research directions in Web security.
Redocumenting Web Applications
Using dynamic analysis for generating end user documentation for Web 2.0 applications
Domenico Amalfitano, Anna Rita Fasolino, Porfirio Tramontana:
Using dynamic analysis for generating end user documentation for Web 2.0 applications. WSE 2011: 11-20
The relevance of end user documentation for improving usability, learnability and operability of software applications is well known. However, software processes often devote little effort to the production of end user documentation due to budget and time constraints, or leave it not up-to-date as new versions of the application are produced. In particular, in the field of Web applications, due to their quick release time and the rapid evolution, end user documentation is often lacking, or it is incomplete and of poor quality. In this paper a semi-automatic approach for user documentation generation of Web 2.0 applications is presented. The approach exploits dynamic analysis techniques for capturing the user visible behaviour of a web application and, hence, producing end user documentation compliant with known standards and guidelines for software user documentation. A suite of tools supports the approach by providing facilities for collecting user session traces associated with use case scenarios offered by the Web application, for abstracting a Navigation Graph of the application, and for generating tutorials and procedure descriptions. The obtained documentation is provided in textual and hypertextual formats. In order to show the feasibility and usefulness of the approach, an example of generating the user documentation for an existing Web application is presented in the paper.
Maintenance and Evolution of Web Applications
Towards the Definition of a Maintainability Model for Web Applications
Giuseppe A. Di Lucca, Anna Rita Fasolino, Porfirio Tramontana, Corrado Aaron Visaggio:
Towards the Definition of a Maintainability Model for Web Applications. CSMR 2004: 279-287
The growing diffusion of Web-based services in many and different business domains has triggered the need for new Web applications (WAs). The pressing market demand imposes very short time for the development of new WAs, and frequent modifications for existing ones. Well-defined software processes and methodologies are rarely adopted both in the development and maintenance phases. As a consequence, WAs' quality usually degrades in terms of architecture, documentation, and maintainability. Major concerns regard the difficulties in estimating costs of maintenance interventions. Thus, a strong need for methods and models to assess the maintainability of existing WAs is growing more and more. In this paper we introduce a first proposal for a WA maintainability model; the model considers those peculiarities that make a WA different from a traditional software system and a set of metrics allowing an estimate of the maintainability is identified. Results from some initial case studies to verify the effectiveness of the proposed model are presented in the paper.
Supporting Web Application Evolution by Dynamic Analysis
The evolution of Web applications needs to be supported by the availability of proper analysis and design documents. UML use case diagrams are certainly useful to identify features to evolve, as well as to study the Web application evolution in terms of features added/removed or changed. Unfortunately, very often the only source of documentation available is constituted by the Web application source code. This paper proposes an approach to abstract use case diagrams from execution traces of a Web application. The approach is mainly based on the analysis of a graph modelling the transitions between the pages navigated along user sessions and the clustering of the navigated pages. A case study carried out to validate the proposed approach and showing its feasibility is reported in the paper.