
An amazing tool to test penetration on your application called Metasploit Framework July 21, 2011

Posted by shripal shah in Automation Testing, Software Testing.

The Metasploit Framework (Msf) is a free, open source penetration testing solution developed by the open source community and Rapid7. I used this recently and found it very interesting to use. I also found a very good post by Karthik R who is a member of the NULL community. Karthik completed his training for EC-council CEH in December 2010, and is at present pursuing his final year of B.Tech in Information Technology, from National Institute of Technology, Surathkal.

Some useful terms you should know before considering a tool like this:

Vulnerability: A weakness in the target system, through which penetration can successfully occur.

Exploit: Once a vulnerability is known, an attacker takes advantage of it, and breaks into the system using a code/script known as an exploit.

Payload: This is a set of tasks initiated by the attacker subsequent to an exploit, in order to maintain access to the compromised system.

I am sure that in the current world, it's highly important to keep your product secure. I have faced hackers on one of my associate's sites recently and Metasploit really helped me to understand the issues.

Thanks to Karthik for this post, which will help many users.


Concept of Load Testing September 22, 2008

Posted by shripal shah in Software Testing.

In today's highly competitive world, it is essential that a client application also meets customer expectations for performance.

Let us understand a few basics of load and performance testing here.

Volume testing is a way to test functionality. Stress testing is a way to test reliability. Load testing is a way to test performance.

Testing an application under heavy but expected loads is known as load testing. It generally refers to the practice of modeling the expected usage of a software program by simulating multiple users accessing the system’s services concurrently. As such, load testing is most relevant for a multi-user system, often one built using a client/server model, such as a web server tested under a range of loads to determine at what point the system’s response time degrades or fails. You could, however, also perform a load test on a word processor or graphics editor by forcing it to read in an extremely large document, or on a financial package by forcing it to generate a report based on several years’ worth of data, etc.
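The ramp described above, as an added example that is not part of the original post: it fires an increasing number of concurrent simulated users at a system and reports the first load level where the 95th-percentile response time exceeds a limit. `StandInService`, its capacity and service time, and the 150 ms limit are constructed for illustration; replace `service.handle` with a call into your own test environment.

```python
import math
import threading
import time
from concurrent.futures import ThreadPoolExecutor

class StandInService:
    """Constructed stand-in for the system under test: `capacity` requests
    are processed in parallel, each taking `service_time` seconds."""
    def __init__(self, capacity=2, service_time=0.05):
        self._slots = threading.Semaphore(capacity)
        self._service_time = service_time

    def handle(self):
        with self._slots:                 # requests beyond capacity queue here
            time.sleep(self._service_time)

def percentile(samples, pct):
    """Nearest-rank percentile of a non-empty list."""
    ordered = sorted(samples)
    rank = max(1, math.ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]

def run_level(request, users):
    """Fire `users` concurrent requests; return each one's response time."""
    def one_user(_):
        started = time.perf_counter()
        request()
        return time.perf_counter() - started
    with ThreadPoolExecutor(max_workers=users) as pool:
        return list(pool.map(one_user, range(users)))

def ramp(request, levels):
    """Run each load level in turn and record its 95th-percentile latency."""
    return {users: percentile(run_level(request, users), 95) for users in levels}

def degradation_point(p95_by_level, limit):
    """First load level whose p95 exceeds `limit` seconds, or None."""
    for users in sorted(p95_by_level):
        if p95_by_level[users] > limit:
            return users
    return None

if __name__ == "__main__":
    service = StandInService()
    results = ramp(service.handle, levels=(1, 2, 4, 8, 16))
    for users, p95 in results.items():
        print(f"{users:>3} users  p95 = {p95 * 1000:6.1f} ms")
    print("response time degrades at:", degradation_point(results, limit=0.15))
```

Pushing the levels well past the degradation point, until requests start to fail, turns the same ramp into the stress test described in the next paragraph.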

When the load placed on the system is accelerated beyond normal usage patterns, in order to test the system’s response at unusually high or peak loads, it is known as stress testing. Stress testing is often incorrectly used interchangeably with load and performance testing.

In a stress test, the load is usually so great that error conditions are the expected result, although there is a grey area between the two domains and no clear boundary exists where you could say that an activity ceases to be a load test and becomes a stress test.

There is little agreement on what the specific goals of load testing are. The term is often used synonymously with performance testing, reliability testing, and volume testing.

Performance testing is usually performed to determine how fast some aspect of a system performs under a particular workload. It can serve different purposes: to demonstrate that the system meets performance criteria; to compare two systems to find which performs better; to measure what parts of the system or workload cause the system to perform badly.

In the diagnostic case, we use tools such as profilers to measure what parts of a device or software contribute most to the poor performance. In performance testing, it is often crucial (and often difficult to arrange) for the test conditions to be similar to the expected actual use.

A reliability test determines how likely a piece of hardware (or sometimes software) is to fail. It is part of reliability theory, used originally as a tool to help nineteenth century insurance companies compute profitable rates to charge their customers. Statistical models appropriate for any of these are generically called “time-to-event” models. Death or failure is called an “event”, and the goal is to project or forecast the rate of events for a given population or probability of an event for an individual.

Volume testing is used to determine if the system under test can handle the required amounts of data, user requests, etc.

Soak testing occurs when running a system at normal to high levels of load for prolonged periods of time. A soak test would normally execute several times more transactions in an entire day than would be expected in a busy day. This should identify any performance problems that appear after a large number of transactions have been executed.

SQA forum and SQATESTER are some of the best resources for learning more about the different types of performance testing.