Web Engineering

Web Engineering



The Web has become a major delivery platform for a variety of complex and sophisticated enterprise applications in several domains. In addition to their inherent multifaceted functionality, these Web applications exhibit complex behavior and place some unique demands on their usability, performance, security and ability to grow and evolve. However, a vast majority of these applications continue to be developed in an ad-hoc way, contributing to problems of usability, maintainability, quality and reliability. While Web development can benefit from established practices from other related disciplines, it has certain distinguishing characteristics that demand special considerations. In recent years, there have been developments towards addressing these considerations.

As an emerging discipline, Web engineering actively promotes systematic, disciplined and quantifiable approaches towards successful development of high-quality, ubiquitously usable Web-based systems and applications. In particular, Web engineering focuses on the methodologies, techniques and tools that are the foundation of Web application development and which support their design, development, evolution, and evaluation. Web application development has certain characteristics that make it different from traditional software, information system, or computer application development.

Web engineering is multidisciplinary and encompasses contributions from diverse areas: systems analysis and design, software engineering, hypermedia/hypertext engineering, requirements engineering, human-computer interaction, user interface, information engineering, information indexing and retrieval, testing, modelling and simulation, project management, and graphic design and presentation. Web engineering is neither a clone, nor a subset of software engineering, although both involve programming and software development. While Web Engineering uses software engineering principles, it encompasses new approaches, methodologies, tools, techniques, and guidelines to meet the unique requirements of Web-based applications.



Web engineering is basically all about designing and promoting web based systems. “The application of systematic and quantifiable approaches to cost-effective analysis, design, implementation, testing, operation, and maintenance of high-quality Web applications.”

 the Internet and World Wide Web have become ever-present, exceeding all other technological developments in our history. They’ve also grown rapidly in their scope and extent of use, significantly affecting all aspects of our lives. Industries such as manufacturing, travel and hospitality, banking, education, and government are Web enabled to improve and enhance their operations.

Complexity of Web applications Web applications have the complexity of designing, developing, maintaining, and managing these systems have also increased significantly. i.e. such as for the 2000 Sydney Olympics, 1998 Nagano Olympics, Web crisis 5. Delivered systems didn’t meet business needs 84% of the time. 6. Projects exceeded the budget 63% of the time. 7. Delivered systems didn’t have the required functionality 53% of the time. 8. Deliverables were of poor quality 52% of time.

Web engineering versus software engineering Developing Web-based systems is significantly different from traditional software development and cause many additional challenges. There are slight differences in the nature and life cycle of Web-based and software systems. Multidisciplinary Building a complex Web-based system calls for knowledge and expertise from many different disciplines and requires a team of various people with expertise in different areas.

Web engineering activities
1. Web engineering deals with all aspects of Web-based systems development.
2. Starting from conception and development to implementation.
3. Performance evaluation.
4. Continual maintenance.
5. Building and deploying a Web-based system
involves multiple, iterative steps

What is Web Engineering?
 Web Engineering is the application of systematic, disciplined and quantifiable approaches to development, operation, and maintenance of Web- based applications. It is both a pro-active approach and a growing collection of theoretical and empirical research in Web application development.



Need for Web Engineering: The need for Web Engineering is felt according to perceptions of the developers and managers In the early stages of Web development.
1. Web Developers Experience, New Technologies
2. Characteristics and Complexity of Web Applications
3. Multidisciplinary Nature of Web Development

Evolution of Web Applications
It opened up a novel way of communication and the developers stretched the technologies to make the applications interactive, forcing, in turn, further, rapid innovations in technologies. Practice and Research Issues in Developing, Testing & Maintaining: Web development, and in particular, Web site creation and maintenance, are not merely technical activities. Web development affects the entire organization, including its interfaces with the world.

Methodologies:
1. Web Engineering has aims to improve. To this end, several methodologies have been proposed and the experience of their use reported as case studies.
2. Testing, Metrics and Quality: Each unit of a Web application such as page, code, site, navigation, standards, legal requirements must be tested. Web metrics and quality are interlinked. 3. Maintenance

Categories of Web Applications


1) Document centric Web sites
1. precursor to Web applications
2. stored on a Web server as ready-made, i.e. static, HTML documents and sent to the Web client in response to a request
3. contents are frequently represented redundantly on several Web pages
4. simplicity and stability
5. short response time
 
2)Interactive Web applications
1. web pages and links to other pages are generated dynamically according to user input
2. uses CGI, ASP, PHP and HTML form
3. e.g., virtual exhibitions, news sites, or timetable information

3)Transactional Web applications
1. provide more interactivity
2. performing updates on the underlying content
3. efficient and consistent handling of the increasing amount of content
4. offer the possibility of structured queries
5. e.g., online banking, online shopping, and booking systems

4)Workflow-based Web applications
1. handling of workflows between different companies, public authorities, and private users
2. availability of appropriate Web services to guarantee interoperability
3. e.g., Business-to-Business solutions (B2B solutions) in e-commerce, e-government applications,

5)Collaborative Web applications
1. especially for cooperation purposes in unstructured operations (groupware)
2. communication between the cooperating users
3. support shared information and workspaces
4. e.g, wiki, Weblogs, scheduling systems, e-learning platforms.

6)Portal-oriented Web applications
1. provide a single point of access to separate, potentially heterogeneous sources of information and services
2. e.g., online shopping malls, community portals

7)Ubiquitous Web applications
1. provides customized services anytime anywhere and for any device
2. facilitating ubiquitous access
3. either personalization or location-aware services or multi-platform delivery

8)Semantic Web
1. present information on the Web
-not merely for humans,
-but also in a machine readable form
2. facilitate knowledge management on the Web
-linking and reuse of knowledge (content syndication)
-locating new relevant knowledge
3. interoperation on the semantic level and the possibility of automating tasks (via software agents)

Characteristics of the Web Applications

1)Product-related
1. Content
-Document-centric character and multimediality
-Quality demands

2. Hypertext
-Non-linearity
-Disorientation and cognitive overload

3. Presentation
-Aesthetics
-Self-explanation

2)User-related
1. Social Context: Users
Spontaneity
Multiculturality

2. Technical Context: Network and Devices
Quality of Service
Multi-platform delivery

3. Natural Context: Location and Time
Globality
Availability

3)Development-related

4)Evolution

Requirements Engineering for Web Application

1. covers activities that are critical for the success of Web engineering

2. deals with principles, methods, and tools for eliciting, describing, validating, and managing requirements

3. has special challenges
-unavailable stakeholders,
-volatile requirements and constraints,
-unpredictable operational environments
-inexperience with Web technologies
-particular importance of quality aspects such as usability, or performance

4. important principles
-involvement of important stakeholders
-iterative identification of requirements
-awareness of the system architecture when -defining requirements
-consequent risk orientation

Requirement

1. IEEE 610.12 defines a requirement as
(1) a condition or capability needed by a user to solve a problem or achieve an objective;
(2) a condition or capability that must be met or possessed by a system or system component to satisfy a contract, standard, specification, or other formally imposed documents;
(3) a documented representation of a condition or capabilitys in (1) or (2).

2. Requirement categorized as
functional requirements,
non-functional requirements,
constraints

Requirements Engineering Activities
1. Requirements Elicitation and Negotiation
scenario-based methods, multicriteria decision processes, facilitation techniques, interviews, or document analysis
2. Requirements Documentation
Informal descriptions such as user stories, and semi-formal descriptions such as use cases are particularly relevant
3. Requirements Verification and Validation
Did we specify the right things? Did we specify things correctly?
4. Requirements Management
-Continuous changes of requirements and constraints are a major characteristic
-integration of new requirements and changes to existing requirements

RE Specifics in Web Engineering
1. Multidisciplinarity
multimedia experts, content authors, software architects, usability experts, database specialists, or domain experts

2. Unavailability of Stakeholders
-stakeholders (potential Web users) still unknown during RE activities
-project management needs to find suitable representatives that can provide realistic requirements

3. Volatility of Requirements and Constraints
-properties of deployment platforms or communication more difficult in RE for Web Application.
-new development platforms and standards, or new devices for end users

Principles for RE
1. Understanding the System Context
2. Involving the Stakeholders
3. Iterative Definition of Requirements
4. Focusing on the System Architecture
5. Risk Orientation

RE methods
Adapting RE Methods to Web Application Development
1. Which types of requirements are important for the Web application?
2. How shall requirements for the Web application be described and documented? What are useful degrees of detail and formality?
3. Shall the use of tools be considered? Which tools are suited for the particular project needs?

Requirement types
1. Functional requirements describe a system’s capabilities and services

2. Non-functional requirements describe the properties of capabilities and the desired level of services

3. Functional requirements are frequently described using use case scenarios and formatted specifications

4. Contents Requirements

5. Quality Requirements

6. System Environment Requirements

7. User Interface Requirements

8. Evolution Requirements

9. Project Constraints

Tools
1. Requirements Elicitation
2. Requirements Validation
3. Requirements Management

main technological components that make up modern Web pages
HTML – HyperText Markup Language
CSS – Cascading Style Sheets
JavaScript – um, JavaScript

HTML Components
Documents
Other terms

HTML pages are tag-based documents

1) Really plain ASCII text files
2) Dont look like documents they represent
3) Tags indicate how processing program should display text and graphics
4) Designed to describe hypertext, not paper
5) Processed by browsers "on the fly"
6) Tags usually appear in pairs
7) Most have reasonable names or mnemonics
8) Most can be modified by attributes/values

Thats How This...
<HTML>
<HEAD>
<BODY background="slate.gif">
<H1>Welcome</H1>
<IMG SRC="DOUGLAS.GIF" WIDTH="80" HEIGHT="107" ALT="Our Founder" BORDER="0">
<H2>A Message from the President </H2>
<P><font color=red>Good evening! Thank you for working late!</font></P>
<P>Hello and welcome to DougCo, Incorporated! Im <b>Douglas S. Michaels,</b> President and Founder,   <a href="acronyms.htm">COB, CEO, COO, and BBBWAIC</a>. Let me take this opportunity to congratulate you on obtaining employment here at DougCo; I want you to know that youve chosen to spend your career in one of the most worthwhile and rewarding endeavors possible making me richer!</P>

JavaScript

What JavaScript isn’t
-Java (object-oriented programming language)
-A "programmers-only" language

What JavaScript is
-Extension to HTML (support depends on browser)
-An accessible, object-based scripting language

What JavaScript is for
-Interactivity with the user
1. input (user provides data to application)
2. processing (application manipulates data)
3. output (application provides results to user)

Implementing JavaScript
1. Direct insertion into page (immediate)
2. Direct insertion into page (deferred)
3. Through external references
4. Embedded inline

-Most Web pages – remote or local – are a combination of those technologies

-Newer technologies like DHTML, XHTML, and XML are based on these
   
Web Application Architectures



In software development XRX is a web application architecture based on XForms, REST and XQuery. XRX applications store data on both the web client and on the web server in XML format and do not require a translation between data formats. XRX is considered a simple and elegant application architecture due to the minimal number of translations needed to transport data between client and server systems. The XRX architecture is also tightly coupled to W3C standards (CSS, XHTML 2.0, XPath, XML Schema) to ensure XRX applications will be robust in the future. Because XRX applications leverage modern declarative languages on the client and functional languages on the server they are designed to empower non-developers who are not familiar with traditional imperative languages such as JavaScript, Java or .Net.

The basic architecture of a web application includes browsers, a network and a web server. Browsers request "web pages" from the server. Each page is a mix of content and formatting instructions expressed with HTML. Some pages include client side scripts that are interpreted by the browser. These scripts define additional dynamic behavior for the display page and often interact with the browser, page content and additional controls (Applets, ActiveX controls and plug-ins) contained in the page. The user views and interacts with the content in the page. Sometimes the user enters in information in field elements in the page and submits them to the server for processing. The user can also interact with system by navigating to different pages in the system via hyperlinks. In either case, the user is supplying input to the system which may alter the "business state" of the system.

From the client’s perspective the web page is always an HTML formatted document. On the server however, a "web page" may manifest itself in a number of different ways. In the earliest web applications, dynamic web pages were built with the Common Gateway Interface (CGI). CGI defines an interface for scripts and compiled modules to use to gain access to the information passed along with a page request. In a CGI based system a special directory is typically configured on the web server to be able to execute scripts in response to page requests. When a CGI script is requested the server, instead of just returning the contents of the file (as it would for any HTML formatted file), processes or executes the file with the appropriate interpreter (usually a PERL shell) and streams the output back to the requesting client. The ultimate result of this processing is an HTML formatted stream that is sent back to the requesting client. Business logic is executed in the system while processing the file. During that time it has the potential to interact with server side resources such as databases and middle tier components.

Today’s web servers have improved upon this basic design. Today they are much more security aware, and include features like management of client state on the server, transaction processing integration, remote administration, resource pooling just to name a few. Collectively the latest generation of web servers are addressing those issues important to architects of mission critical, scalable and robust applications.

When looking at the role of CGI scripts, today’s web servers can be divided into three major categories; scripted pages, compiled pages, and a hybrid of the two. In the first category each web page that a client browser can request is represented on the web server’s file system as a scripted file. This file is typically a mix of HTML and some other scripting language. Then the page is requested the web server delegates the processing of this page to an engine that recognizes it, with the ultimate result an HTML formatted stream that is sent back to the requesting client. Examples of this are Microsoft’s Active Server Pages, Java Server Pages, and Cold Fusion.

n-layer architecture

In the second category, compiled pages, the web server loads and executes a binary component. This component, like with scripted pages has access to all the information that came along with the page request (values of form fields and parameters). The compiled code uses the request details, and typically accesses server side resources to produce the HTML stream returned to the client. Although not a rule, compiled pages tend to encompass a larger functionality that scripted pages. By passing parameters to the compiled page request different functionality can be obtained. Any one compiled component may actually include all the functionality of an entire directory scripted pages. The technologies that represent this type of architecture are Microsoft’s ISAPI, and Netscape’s NSAPI.

The third category represents scripted pages that once requested are compiled, and this compiled version is then used thereafter by all subsequent requests. Only when the original page’s contents change, while the page undergo another compile. This category is a compromise between the flexibility of scripted pages and the efficiency of compiled pages.

modeling web application
Web modeling (aka model-driven Web development) is a branch of Web engineering which addresses the specific issues related to design and development of large-scale Web applications. In particular, it focuses on the design notations and visual languages that can be used for the realization of robust, well-structured, usable and maintainable Web applications. Designing a data-intensive Web site amounts to specifying its characteristics in terms of various orthogonal abstractions. The main orthogonal models that are involved in complex Web application design are: data structure, content composition, navigation paths, and presentation model.

In the beginning of web development, it was normal to accessed Web applications by creating something with no attention to the developmental stage. In the past years, web design firms had many issues with managing their Web sites as the developmental process grew and complicated other applications. Web development tools have helped with simplifying data-intensive Web applications by using page generators. Microsofts Active Server Pages and JavaSofts Java Server Pages have helped by bringing out content and using user-programmed templates.

Web applications are becoming increasingly complex and mission critical. To help manage this complexity they need to be modeled. UML is the standard language for modeling software intensive systems. When attempting to model web applications with UML it becomes apparent that some of its components don’t fit nicely into standard UML modeling elements. In order to stick with one modeling notation for the entire system (web components, and traditional middle tier components) UML must be extended. This paper presents an extension to the UML (using its formal extension mechanism). The extension is designed so that web specific components can be integrated with the rest of the system’s model, and to exhibit the proper level of abstraction and detail for suitable for designers, implementers and architects of web applications.

Models help us understand the system by simplifying some of the details. The choice of what to model has an enormous effect on the understanding of the problem and the shape of the solution. Web applications, like other software intensive systems are typically represented with a set of models; use case model, implementation model, deployment model, security model, etc. An additional model used exclusively by web systems is the site map, an abstraction of the web pages and navigation routes throughout the system.

Most modeling techniques practiced today are well suited to development of the various models of a web application, and do not need further discussion. One very important model however; the Analysis/Design Model (ADM) does present some difficulties when an attempt is made to include web pages, and the executable code associated with them, alongside the other elements in the model.

Web Application Design
In this chapter, you will learn the general design considerations and key attributes for a Web application. This includes the guidelines for a layered structure; guidelines for performance, security, and deployment; and the key patterns and technology considerations.

A Web application is an application that can be accessed by the users through a Web browser or a specialized user agent. The browser creates HTTP requests for specific URLs that map to resources on a Web server. The server renders and returns HTML pages to the client, which the browser can display. The core of a Web application is its server-side logic. The application can contain several distinct layers. The typical example is a three-layered architecture comprised of presentation, business, and data layers. Figure 1 illustrates a typical Web application architecture with common components grouped by different areas of concern.

General Design Considerations

When designing a Web application, the goal of the software architect is to minimize the complexity by separating tasks into different areas of concern while designing a secure, high performance application. Follow these guidelines to ensure that your application meets your requirements, and performs efficiently in scenarios common to Web applications:

1. Partition your application logically. Use layering to partition your application logically into presentation, business, and data access layers. This helps you to create maintainable code and allows you to monitor and optimize the performance of each layer separately. A clear logical separation also offers more choices for scaling your application.

2. Use abstraction to implement loose coupling between layers. This can be accomplished by defining interface components, such as a façade with well known inputs and outputs that translates requests into a format understood by components within the layer. In addition, you can also use Interface types or abstract base classes to define a shared abstraction that interface components must implement.

3. Understand how components will communicate with each other. This requires an understanding of the deployment scenarios your application must support. You must determine if communication across physical boundaries or process boundaries should be supported, or if all components will run within the same process.

4. Consider caching to minimize server round trips. When designing a Web application, consider using techniques such as caching and output buffering to reduce round trips between the browser and the Web server, and between the Web server and downstream servers. A well designed caching strategy is probably the single most important performance related design consideration. ASP.NET caching features include output caching, partial page caching, and the Cache API. Design your application to take advantage of these features.
   
5. Consider logging and instrumentation. You should audit and log activities across the layers and tiers of your application. These logs can be used to detect suspicious activity, which frequently provides early indications of an attack on the system. Keep in mind that it can be difficult to log problems that occur with script code running in the browser.

6. Consider authenticating users across trust boundaries. You should design your application to authenticate users whenever they cross a trust boundary; for example, when accessing a remote business layer from the presentation layer.
   
7. Do not pass sensitive data in plaintext across the network. Whenever you must pass sensitive data such as a password or authentication cookie across the network, consider encrypting and signing the data or using Secure Sockets Layer (SSL) encryption.
   
8. Design your Web application to run using a least-privileged account. If an attacker manages to take control of a process, the process identity should have restricted access to the file system and other system resources in order to limit the possible damage.

Testing web  Applications


1.  Functionality Testing - The below are some of the checks that are performed but not limited to the below list:

Verify there is no dead page or invalid redirects.
First check all the validations on each field.
Wrong inputs to perform negative testing.
Verify the workflow of the system.
Verify the data integrity.

2. Usability testing - To verify how the application is easy to use with.

Test the navigation and controls.
Content checking.
Check for user intuition.

3. Interface testing - Performed to verify the interface and the dataflow from one system to other.

4. Compatibility testing- Compatibility testing is performed based on the context of the application.

Browser compatibility
Operating system compatibility
Compatible to various devices like notebook, mobile, etc.

5. Performance testing - Performed to verify the server response time and throughput under various load conditions.

Load testing - It is the simplest form of testing conducted to understand the behaviour of the system under a specific load. Load testing will result in measuring important business critical transactions and load on the database, application server, etc. are also monitored.

Stress testing - It is performed to find the upper limit capacity of the system and also to determine how the system performs if the current load goes well above the expected maximum.

 Soak testing - Soak Testing also known as endurance testing, is performed to determine the system parameters under continuous expected load. During soak tests the parameters such as memory utilization is monitored to detect memory leaks or other performance issues. The main aim is to discover the systems performance under sustained use.

 Spike testing - Spike testing is performed by increasing the number of users suddenly by a very large amount and measuring the performance of the system. The main aim is to determine whether the system will be able to sustain the work load.

6. Security testing - Performed to verify if the application is secured on web as data theft and unauthorized access are more common issues and below are some of the techniques to verify the security level of the system.

Injection
Broken Authentication and Session Management
Cross-Site Scripting (XSS)
Insecure Direct Object References
Security Misconfiguration
Sensitive Data Exposure
Missing Function Level Access Control
Cross-Site Request Forgery (CSRF)
Using Components with Known Vulnerabilities
Unvalidated Redirects and Forwards

Web Project Management
for more information check out following video


check out following site
ftp://217.219.170.14/Computer%20Group/Other%20Prof_/Mofidian/Resources%20for%20Translate/Web%20Engineering.pdf