Due to the importance of Web application testing techniques for detecting faults and assessing quality attributes, many research papers were published in this field. For this reason, it became essential to analyse, classify and summarize the research in the field. The main goal of this research is to provide a classification or categorization of Web applications testing techniques or approaches to help researchers and practitioners to understand the current state-of-the-art in this field and find it easier to focus their research on the areas that had received less attention. To achieve this goal, this research conducted a systematic mapping study on 98 research papers in the field of Web applications testing published between 2008 and 2021. This mapping study resulted in a classification schema that categorizes the papers in this field into: model-based testing category, security testing category, and other types of testing categories. In model-based testing of Web applications, research papers were classified according to the model used for test data generation, while the research papers in the field of Web applications security testing were classified according to the targeted vulnerability. The results showed that the most commonly used Web applications testing techniques in literature are model-based testing and security testing. Besides, the most commonly used models in model-based testing are finite-state machines. The most targeted vulnerability in security testing is SQL injection. Test automation is the most targeted testing goal in both model-based and security testing. For other Web applications testing techniques, the main goals of testing were test automation, test coverage, and assessing security quality attributes.