Tuesday, August 3, 2010

Facts About Load and Performance Testing

1. Why Are Scalability and Load Testing Important?
Some very high profile websites have suffered from serious outages and/or performance issues due to the number of people hitting their website. E-commerce sites that spent heavily on advertising but not nearly enough on ensuring the quality or reliability of their service have ended up with poor web-site performance, system downtime and/or serious errors, with the predictable result that customers are being lost.
When creating an e-commerce portal, companies will want to know whether their infrastructure can handle the predicted levels of traffic, to measure performance and verify stability.
The services that answer these questions include Scalability / Load / Stress testing, as well as Live Performance Monitoring.
Load testing tools can be used to test the system behavior and performance under stressful conditions by emulating thousands of virtual users. These virtual users stress the application even harder than real users would, while monitoring the behavior and response times of the different components. This enables companies to minimize test cycles and optimize performance, hence accelerating deployment, while providing a level of confidence in the system.
Once launched, the site can be regularly checked using Live Performance Monitoring tools to monitor site performance in real time, in order to detect and report any performance problems - before users can experience them.
2. Preparing for a Load Test
The first step in designing a Web site load test is to measure as accurately as possible the current load levels.
Measuring Current Load Levels
The best way to capture the nature of Web site load is to identify and track (e.g. using a log analyzer) a set of key user session variables that are applicable and relevant to your Web site traffic.
Some of the variables that could be tracked include:
the length of the session (measured in pages)
the duration of the session (measured in minutes and seconds)
the type of pages that were visited during the session (e.g., home page, product information page, credit card information page etc.)
the typical/most popular ‘flow’ or path through the website
the % of ‘browse’ vs. ‘purchase’ sessions
the % type of users (new user vs. returning registered user)
Measure how many people visit the site per week/month or day. Then break down these current traffic patterns into one-hour time slices, and identify the peak-hours (i.e. if you get lots of traffic during lunch time etc.), and the numbers of users during those peak hours. This information can then be used to estimate the number of concurrent users on your site.
3. What Are Concurrent Users?
Although your site may be handling x number of users per day, only a small percentage of these users would be hitting your site at the same time. For example, if you have 3000 unique users hitting your site on one day, all 3000 are not going to be using the site between 11:01 and 11:05 am.
So, once you have identified your peak hour, divide this hour into 5 or 10 minute slices (use your own judgment here, based on the length of the average user session) to get the number of concurrent users for that time slice.
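The procedure from sections 2 and 3 (find the peak hour, then count concurrent users per 5-minute slice) can be worked through in a few lines of Python. This is an added example, not part of the original post; the session records are constructed sample data in the form a log analyzer might export.

```python
from collections import Counter
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data (not real traffic): session id, first and last
# request time, as a log analyzer might export them.
RAW_SESSIONS = [
    ("s1", "2010-08-03 10:50:00", "2010-08-03 10:58:00"),
    ("s2", "2010-08-03 11:01:10", "2010-08-03 11:04:50"),
    ("s3", "2010-08-03 11:02:00", "2010-08-03 11:12:30"),
    ("s4", "2010-08-03 11:03:30", "2010-08-03 11:08:00"),
    ("s5", "2010-08-03 11:09:00", "2010-08-03 11:16:00"),
    ("s6", "2010-08-03 11:31:00", "2010-08-03 11:35:20"),
    ("s7", "2010-08-03 12:15:00", "2010-08-03 12:20:00"),
]


def load(raw):
    """Parse (id, start, end) strings into (start, end) datetime pairs."""
    return [(datetime.strptime(a, FMT), datetime.strptime(b, FMT)) for _, a, b in raw]


def peak_hour(sessions):
    """Return (hour_start, sessions_started) for the busiest one-hour slice."""
    per_hour = Counter(s.replace(minute=0, second=0) for s, _ in sessions)
    return max(per_hour.items(), key=lambda kv: kv[1])


def concurrent_by_slice(sessions, hour_start, slice_minutes=5):
    """Count the sessions active at any point in each slice of the hour."""
    step = timedelta(minutes=slice_minutes)
    counts = {}
    t = hour_start
    while t < hour_start + timedelta(hours=1):
        # A session is active in [t, t + step) if it overlaps that interval.
        counts[t.strftime("%H:%M")] = sum(
            1 for start, end in sessions if start < t + step and end >= t
        )
        t += step
    return counts


if __name__ == "__main__":
    sessions = load(RAW_SESSIONS)
    hour, started = peak_hour(sessions)
    slices = concurrent_by_slice(sessions, hour)
    print(f"peak hour {hour:%H:%M}: {started} sessions started")
    for label, n in slices.items():
        print(label, "#" * n)
    print("concurrent users to test for:", max(slices.values()))
```

Five sessions start in the peak hour here, but no 5-minute slice has more than three of them active at once, which is the figure the load test has to reproduce.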
4. Estimating Target Load Levels
Once you have identified the current load levels, the next step is to understand as accurately and as objectively as possible the nature of the load that must be generated during the testing.
Using the current usage figures, estimate how many people will visit the site per week/month or day. Then divide that number to attain realistic peak-hour scenarios.
It is important to understand the volume patterns, and to determine what load levels your web site might be subjected to (and must therefore be tested for).
There are four key variables that must be understood in order to estimate target load levels:
how the overall amount of traffic to your Web site is expected to grow
the peak load level which might occur within the overall traffic
how quickly the number of users might ramp up to that peak load level
how long that peak load level is expected to last
Once you have an estimate of overall traffic growth, you’ll need to estimate the peak level you might expect within that overall volume.
5. Estimating Test Duration
The duration of the peak is also very important: a Web site that may deal very well with a peak level for five or ten minutes may crumble if that same load level is sustained longer than that. You should use the length of the average user session as a base for determining the load test duration.
6. What Is Ramp-up Rate?
As mentioned earlier, although your site may be handling x number of users per day, only a small percentage of these users would be hitting your site at the same time.

Therefore, when preparing your load test scenario, you should take into account the fact that users will hit the website at different times, and that during your peak hour the number of concurrent users will likely gradually build up to reach the peak number of users, before tailing off as the peak hour comes to a close.
The rate at which the number of users builds up, the "Ramp-up Rate", should be factored into the load test scenarios (i.e. you should not just jump to the maximum value, but increase in a series of steps).
7. How to create the scenarios that are to be used to load test the web site?
The information gathered during the analysis of the current traffic is used to create the scenarios that are to be used to load test the web site.
The identified scenarios aim to accurately emulate the behavior of real users navigating through the Web site.
For example, a seven-page session that results in a purchase is going to create more load on the Web site than a seven-page session that involves only browsing. A browsing session might only involve the serving of static pages, while a purchase session will involve a number of elements, including the inventory database, the customer database, a credit card transaction with verification going through a third-party system, and a notification email. A single purchase session might put as much load on some of the system’s resources as twenty browsing sessions.
Similar reasoning may apply to purchases from new vs. returning users. A new user purchase might involve a significant amount of account setup and verification, something existing users may not require. The database load created by a single new user purchase may equal that of five purchases by existing users, so you should differentiate the two types of purchases.
8. How to prepare scripts that run each scenario with the required number and types of concurrent users?
Using the load test tool, write a script for each scenario and play the scripts back concurrently, with the required number of each type of user, to produce the load scenario.

The key elements of a load test design are:
test objective
pass/fail criteria
script description
scenario description

Load Test Objective
The objective of this load test is to determine if the Web site, as currently configured, will be able to handle the X number of sessions/hr peak load level anticipated. If the system fails to scale as anticipated, the results will be analyzed to identify the bottlenecks.

Pass/Fail Criteria
The load test will be considered a success if the Web site will handle the target load of X number of sessions/hr while maintaining the pre-defined average page response times (if applicable). The page response time will be measured and will represent the elapsed time between a page request and the time the last byte is received.
Since in most cases the user sessions follow just a few navigation patterns, you will not need hundreds of individual scripts to achieve realism—if you choose carefully, a dozen scripts will take care of most Web sites.
9. How To Create a Load Testing Scenario?
Scripts should be combined to describe a load testing scenario. A basic scenario includes the scripts that will be executed, the percentages in which those scripts will be executed, and a description of how the load will be ramped up.
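A basic scenario of this kind (scripts, their percentages, and a stepped ramp-up) can be generated as data before it is entered into a load test tool. The following is an added example, not part of the original post; the script names, the 70/25/5 mix and the timing figures are assumptions for illustration.

```python
# Script mix is an assumption for illustration; take real percentages from
# your own traffic analysis. Script names are hypothetical.
MIX = {"browse": 70, "purchase_returning": 25, "purchase_new": 5}


def split_users(total, mix):
    """Split `total` virtual users across scripts by percentage.

    Uses largest-remainder rounding so the per-script counts always add
    up to `total`.
    """
    if sum(mix.values()) != 100:
        raise ValueError("script percentages must add up to 100")
    shares = {name: divmod(total * pct, 100) for name, pct in mix.items()}
    alloc = {name: q for name, (q, _) in shares.items()}
    leftover = total - sum(alloc.values())
    by_remainder = sorted(shares, key=lambda n: shares[n][1], reverse=True)
    for name in by_remainder[:leftover]:
        alloc[name] += 1
    return alloc


def ramp_plan(peak_users, ramp_minutes, steps, hold_minutes, mix):
    """Build a stepped ramp-up to `peak_users`, then hold the peak.

    The load rises in `steps` equal increments; the last step reaches the
    peak at `ramp_minutes` and is held for `hold_minutes`.
    """
    if steps < 2 or ramp_minutes % (steps - 1):
        raise ValueError("need at least 2 steps that divide the ramp evenly")
    step_len = ramp_minutes // (steps - 1)
    plan = []
    for i in range(1, steps + 1):
        users = peak_users * i // steps
        plan.append({
            "start_min": (i - 1) * step_len,
            "run_min": hold_minutes if i == steps else step_len,
            "users": users,
            "scripts": split_users(users, mix),
        })
    return plan


if __name__ == "__main__":
    for step in ramp_plan(50, 20, 5, 30, MIX):
        print(step)
```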

Thursday, December 11, 2008

Security Testing of Web Applications

Security testing is an approach to finding the loopholes in an application, so that confidential data stays confidential and users can perform only those tasks that they are authorized to perform. A user should not be able to deny the functionality of the web site and should not be authorized to access other users' data.
Vulnerability: this is a weakness in the web application. The cause of such a “weakness” can be bugs in the application, an injection or the presence of viruses.
I am trying to make a straightforward approach, so you can easily get which corners need more attention during security testing.

1. URL modification - This happens when the application uses the HTTP GET method to pass information between the client and the server. The information is passed in parameters in the querystring. The tester can modify a parameter value in the querystring to check if the server accepts it. Via an HTTP GET request, user information is passed to the server for authentication or for fetching data. An attacker can manipulate every input variable passed from this GET request to the server in order to get the required information or to corrupt the data. In such conditions any unusual behavior by the application or web server is the doorway for the attacker to get into the application.
2. SQL injection - A technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
3. Cross-site scripting (XSS) - A type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits.
4. Cookie and Session Manipulation - A cookie is a small piece of information usually created by the Web server and stored in the Web browser. Each time the user contacts the Web server, this data is passed back to the server. The cookie contains information used by Web applications to persist and pass variables back and forth between the browser and the Web application. If a username or password is stored in cookies without encryption, an attacker can use different methods to steal the cookies and then the information stored in them, such as the username and password.
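The two causes named under SQL injection (unescaped string literals and input that is not strongly typed) are shown below next to their hardened forms, together with the simple quote-character check a tester can run. This is an added example, not part of the original post; the table, column names and rows are constructed for illustration.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
ROWS = [("alice", "book"), ("bob", "laptop"), ("o'brien", "lamp")]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
    db.executemany("INSERT INTO orders (owner, item) VALUES (?, ?)", ROWS)
    return db


def items_concat(db, owner):
    """Weak form: the input is spliced into the SQL text, so a quote
    character in it changes the structure of the statement."""
    sql = "SELECT item FROM orders WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(sql)]


def items_param(db, owner):
    """Hardened form: the input is bound as data and never parsed as SQL."""
    sql = "SELECT item FROM orders WHERE owner = ?"
    return [row[0] for row in db.execute(sql, (owner,))]


def item_by_id(db, raw_id):
    """Strong typing: a numeric parameter must parse as an integer."""
    try:
        order_id = int(raw_id)
    except ValueError:
        return None  # reject instead of passing the raw text on
    row = db.execute("SELECT item FROM orders WHERE id = ?", (order_id,)).fetchone()
    return row[0] if row else None


def probe(query, db, value):
    """Tester's check: does an input containing a quote break the query?"""
    try:
        return query(db, value)
    except sqlite3.Error:
        return "sql-error"


if __name__ == "__main__":
    db = make_db()
    print(probe(items_concat, db, "o'brien"))  # input alters the statement
    print(probe(items_param, db, "o'brien"))   # input handled as plain data
    print(item_by_id(db, "2"), item_by_id(db, "2 or so"))
```

A database error on a legitimate name containing an apostrophe is the "unusual behavior" to report: it shows that input reaches the SQL parser instead of being bound as a value.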

Thursday, September 4, 2008

Web Application Test

When checking a web application as a software tester, you should know what to test, how to test it and what does not need to be tested. Here I am listing some points through which you can easily get the things.
Think like a user: from the user's point of view, the first thing you will notice about a web site is "What does this website do?"

1. The look and feel of your website should leave a good impression on users.
2. Give a brief introduction to your website on the landing page or home page.
3. Display some good points on the home page about why a user should join you.
4. Give a brief description of each tab on your website (shown when the mouse is moved over the tab).
5. Provide a Contact Us link; it should show the details of how to contact the admin.

Let's walk inside... Here I am listing the very basic things which need "attention to detail" when testing a web application. These are very common things and are used in every web application.

Screen Mapping (UI):- While testing a web application, check the complete flow of the application, then check the details: font size and color should be consistent throughout the application, there should be no spelling mistakes, links should navigate to the proper destination, and buttons, text messages and unnecessary things like HTML tags should be checked. Also, some browsers support the apostrophe (').
Search:- It is a most important part of your website, and it should be tested from every angle. For example, enter space characters in the search box and then hit the Enter button; it should display a message.
Upload Images:- To upload an image, the tester should know the minimum and maximum limits on images and their sizes (0MB, 3MB, 5MB etc.).
Add/update/delete functionality:- It is very basic functionality and it should be tested for every field. Has the updated data been saved in the DB?
Confirmation messages:- Confirmation messages should be clearly understandable by the users.
Verification:- Verify everything against your documents so that you do not make any mistakes on your side.
Validation:- It is a very crucial part of the web application. Check the validation for each and every field. Enter a space character in any required field and then go ahead; the application should not allow the entry or accept the data.
Is your password field case sensitive? Check the validation for lowercase and capital letters in your password field.
Functionality:- To test the functionality of the application you should know what each function does, how it does it and what the result should be. In this way you can easily get the result for your work.
Error Messages:- Make the error messages consistent across the whole application. An error message should be worded so that the user easily gets the point of what the application wants to say.
Emails:- Emails sent from your website should arrive in a proper format, with no HTML tags. Also check the "mailto" function.
Server Side Testing:- Run performance, load and stress tests against the server. Apply the maximum load limit to your site, and go beyond the limit as well.
Code Review:- As a QA person you should have knowledge of the language in which your web application is developed. Check for unwanted files in the code; removing them can improve performance. Follow a standard coding format.
Browser Comparison:- Cross-browser compatibility is still one of the most complex issues when it comes to web-development. Web standards usually guarantee a (relatively) high degree of consistency, however no browser is perfect and particularly older browsers have always been quite good at surprising web-developers with their creative understanding of (X)HTML/CSS-code. Still you need to make sure that (at least) most visitors of your web-site can use it, navigate through it and find what they’re looking for as quickly as possible.
Here are some points:
1. Some browsers do not support the apostrophe (').
2. Mozilla supports font sizes in "px"; Explorer supports them in "%".
3. The UI works in Mozilla but breaks in Explorer.
4. JavaScript validation and CSS.
5. Speed of the browser.
6. Memory used when more tabs are open.
7. Start-up time of the browser.
Web Application Security:- How would you determine whether your website is being hacked or not?
Is your website hackable?
1. Check the cookies/session.
2. Validate all the input tags.
3. Check the URL (GET and POST methods).
4. Check for SQL injection.
5. Close all the loopholes.

This is my point of view on testing a web application; if I am wrong, your comments are most welcome. Please give your comments so I can improve my knowledge of the same.



Wednesday, May 14, 2008

Friends..

Hey All,
Here you can post comments for me.

Thanks
Kailash K.