Collaborative application testing

What is claimed is: 1. A computer-implemented method comprising: performing, at a computing device, actions for an analysis of a web application, wherein the analysis includes a static analysis mapping out one or more security sources and sinks in the web application and determine one or more potentially vulnerable flows between the one or more security sources and the sinks in the web application, wherein the analysis is attributed to an individual member of a collaborative group of web application testers, and wherein the analysis of the web application includes automatically injecting a test payload into the web application and validating whether the web application transitions into an illegal state; receiving a request at the web application for the test payload; creating, by the web application, a response to the request; annotating the response to the test payload in client-side form sent by the web application with coverage data in one or more fields of the response to the request based upon, at least in part, results of the analysis of the web application, wherein the coverage data indicates each action that has been performed by each individual member of the collaborative group on the web application, including injection of the test payload, with the test coverage data, and which actions have not been performed on the web application wherein the response includes one or more indications of coverage metrics, wherein the one or more indications of coverage metrics includes at least one of an indication of which client-side form has not mutated and would potentially lead to vulnerability, an indication of which web based transition should be taken from the client-side form to reach a security-relevant form, and an indication of which input should be used to trigger a security vulnerability via a particular field of the one or more fields of the response to the request; and sharing the response that includes the coverage data with one or more users, wherein sharing includes quantifying the coverage data performed by at least one user, and wherein quantifying indicates previously completed work by the at least one user and includes, at least one of, preventing the one or more users from repeating the completed work and preventing the one or more users from missing incomplete work assumed to have been completed by the at least one user. 2. The computer-implemented method of claim 1 wherein the response includes a Hypertext Markup Language response. 3. The computer-implemented method of claim 1 further comprising: performing a second analysis of the web application; annotating a second response by the web application with additional coverage data based upon, at least in part, results of the second analysis; and sharing the second response with one or more users, wherein the second response includes the coverage data and the additional coverage data. 4. The computer-implemented method of claim 1 further comprising storing the coverage data at the computing device. 5. The computer-implemented method of claim 1 wherein the response that includes the coverage data is shared with a user that did not initiate the analysis. 6. The computer-implemented method of claim 1 wherein the response that includes the coverage data is shared automatically based upon, at least in part, completing at least a portion of the analysis of the web application. 7. The computer-implemented method of claim 1 , wherein sharing the response that includes the coverage data with the one or more users of the user-defined group includes selecting one or more additional users to add to the user-defined group.