Posts

Application security testing strategy (generic)

1 Introduction 1.1 Purpose: This document provides generic testing guidelines for application security testing. It talks about the common vulnerabilities in a system and how to find them in the early phases of the SDLC. It will also talk about the security overheads and the effect they have on system performance. Even if your application is not susceptible to security threats it is better to know and act on it. It is beyond the scope of this document to go into depth on each of the vulnerabilities and the process to test for it. 1.2 Application Security Testing: Application security testing is defined as a process of identifying the various vulnerabilities in a system which are exposed because of improper design or coding issues. Application-level threats cannot be stopped by network firewalls, as the data comes in HTTP requests which these firewalls let pass. So it becomes even more important to handle security at the application level than what happens at Network le...

How to develop a security test strategy

What do you need to write a security test plan? The following documents comprise the list of what I would expect as inputs to the creation of the individual security test plans. This is a good point to go and review your overall security delivery plan. Does it include these documents as deliverables? Does the supplier have any of these as standard off-the-shelf products?

System security requirements; system threat model; system risk model; secure coding standards; technical threat modelling; infrastructure secure configuration guides; security defect metrics.

What is in a security test plan? The security test strategy should as a minimum specify the following points as the core content for each of the security test plans: What are the inputs to the test plan? When in the process does this test occur? Who specifies the test plan contents? Who performs the test? How many instances of the test are expected? What are the required outputs of the test? What are the success...

Workload Modeling and Profiles for Load Testing

Any load testing project should start with the development of a model for user workload that an application receives. This should take into consideration various performance aspects of the application and the infrastructure that a given workload will impact. A workload profile is a key component of such a model. Depending on the type and goals of a load test, one or more profiles may be appropriate. Choosing the workload profiles representative of anticipated real load over time (whether it is an everyday usage scenario or a high peak) results in more accurate answers to the “main questions of load testing” such as, “Will my site support N users performing a search at the same time?” and “What is the highest number of users that my site will support – while remaining within specified quality and performance guidelines?” Workload modeling identifies one or more workload profiles to be simulated against the tested application. The workload model then attempts to approxima...

PERFORMANCE TESTING – WORKLOAD MODEL

In this modern era, we are living in a space where almost everything is found over the World Wide Web. The only prerequisite you need is to have a proper internet connection at home and it feels like you have the whole world in your hands. If you search for any information over the web, you end up with countless providers who are just a few clicks away from you. This growing competition also demands better customer services to get the competitive edge. The main purpose of web applications is to facilitate the users in getting their desired information in a quick and efficient manner. Thus a web application's performance is the most important parameter to attract and retain maximum users. So now we know that “performance” is the key to any web application, how do we measure an application's performance? How do we plan a proper and efficient approach? The answer is “performance testing” with a well planned “Workload Model” is designed to valida...