Innovation and evolution in integrated web application testing with TTCN-3

  • Bernard Stepien
  • Liam PeytonEmail author


Over the last 10 years there has been continuous innovation and evolution in the technology of web applications. While originally designed as a telecom testing platform, TTCN-3 has proven to be a flexible and powerful platform for web application testing throughout this period. Major challenges to testing have been integration with unit test frameworks, service-oriented architecture, rich client interfaces, and security vulnerabilities. Through careful analysis and practical experience in industrial projects we have developed mechanisms to address each of these aspects of web application testing in TCN-3. These mechanisms are summarized here with examples drawn from our industrial experience to show how TTCN-3 provides significant advantages for testing web applications in comparison to other tools typically used in industry. We also present a significant extension to the model architecture for TTCN-3 which greatly facilitates web application testing that has been implemented by a major vendor and is now under consideration by the ETSI standards committee.


TTCN-3 Web applications  Test specification language Unit test framework  Service-oriented architecture Security Penetration testing 



The authors would like to thank Testing Technologies IST GmbH for providing us the necessary tool—TTworkbench to carry out this research.


  1. 1.
    Bertolino, A., Frantzen, L., Polini, A., Tretmans, J.: Audition of web services for testing conformance to open specified protocols. In: Reussner, R., Stafford, J., Szyperski, C. (eds.) Architecting Systems with Trustworthy Components. LNCS, vol. 3938. Springer, Berlin (2006)Google Scholar
  2. 2.
    Erl, T.: Service-Oriented Architecture: A Field Guide to Integrating XML and Web Services. Prentice Hall PTR, Englewood Cliffs (2004). ISBN 0-13-142898-5Google Scholar
  3. 3.
    ETSI ES 201 873–1: The Testing and Test Control Notation version 3. Part1: TTCN-3 Core notation, V4.3.1. (2011)Google Scholar
  4. 4.
    Mesbah, A., van Deursen, A.: An architectural style for AJAX. In: Proceedings of the 6th Working IEEE/IFIP Conference on Software Architecture (WICSA’07). IEEE Computer Society, Silver Spring (2007)Google Scholar
  5. 5.
    Rankin, C.: The software testing automation framework. IBM Syst. J. Softw. Test. Verif. 41(1) (2002)Google Scholar
  6. 6.
    Tan, R.P., Edwards, S.H.: Experiences Evaluating the Effectiveness of JML-JUnit Testing. In: ACM SIGSOFT Software Engineering Notes, vol. 29, issue no. 5. (2004)Google Scholar
  7. 7.
    W3C Working Group: Web services architecture. In: Note 11 February 2004. Accessed on July, 2012
  8. 8.
    Xiong, P., Probert, R.L., Stepien, B.: An Efficient Formal Testing Approach for Web Service with TTCN-3. SoftCom 2005, September (2005)Google Scholar
  9. 9.
    Peyton, L., Stepien, B., Seguin, P.: Integration testing of composite applications. In: Proceedings of the 41st Hawaii International Conference on System Sciences (HICSS 2008). (2008) ISSN:1530–1605Google Scholar
  10. 10.
    Bai, X., Dai, G., Xu, D., Tsai, W.: A multi-agent based framework for collaborative testing on web services. In: Proceedings of the Fourth IEEE Workshop on Software Technologies for Future Embedded and Ubiquitous Systems (2006)Google Scholar
  11. 11.
    OASIS: Web Services Composite Application Framework. Accessed on July 2012
  12. 12.
    Tsai, W.T., Huang, Q., Xiao, B., Chen, Y.: Verification framework for dynamic collaborative services in service-oriented architecture. In: Sixth International Conference on Quality Software (QSIC’06), pp. 313–320. (2006)Google Scholar
  13. 13.
    Stepien, B., Xiong, P., Peyton, L.: A systematic approach to web application penetration testing using TTCN-3. In: Babin, G., Stanoevska-Slabeva, K., Kropf, P. (eds.) MCETECH 2011, LNBIP 78, pp. 1–16. Springer, Berlin (2011)Google Scholar
  14. 14.
    HtmlUnit. Accessed on July 2012
  15. 15.
    Manzuik, S., Gold, A., Gatford, C.: Network Security Assessment: from Vulnerability to Patch. Syngress Publishing, Boston (2007)Google Scholar
  16. 16.
    Arkin, B., Stender, S., McGraw, G.: Software penetration testing. In: IEEE Security & Privacy, vol. 3, issue no. 1, pp. 84–87. (2005)Google Scholar
  17. 17.
    Bishop, M.: About penetration testing. In: IEEE Security & Privacy, vol. 5, issue no. 6, pp. 84–87. (2007)Google Scholar
  18. 18.
    Stepien, B., Peyton, L., Xiong, P.: Framework testing of web applications using TTCN-3. Int. J. Softw. Tools Technol. Transf. 10(4), 371–381 (2008)CrossRefGoogle Scholar
  19. 19.
    ETSI ES 201 873–5: The Testing and Test Control Notation version 3. Part 5: TTCN-3 Runtime Interface (TRI), V4.3.1. June 2011 (2008)Google Scholar
  20. 20.
    ETSI ES 201 873–6: The Testing and Test Control Notation version 3. Part 6: TTCN-3 Control Interface (TCI), V4.3.1. June 2011 (2008)Google Scholar
  21. 21.
    Stepien, B., Peyton, L., Shang, M., Vassiliou-Gioles, T.: An integrated TTCN-3 test framework architecture for interconnected object-based internet applications. Int. J. Electron. Bus. Indersci. (2012) Google Scholar
  22. 22.
    Rentea, C., Schieferdecker, I., Cristea, V.: Ensuring quality of web applications by client-side testing using TTCN-3. In: ICWE 2009 (2009)Google Scholar
  23. 23.
    DBUnit: Accessed on July 2012

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  1. 1.School of Electrical Engineering and Computer ScienceUniversity of OttawaOttawaCanada

Personalised recommendations