CASE STUDY. Performance Testing & Security Testing for Web Applications.


2011 Performance Testing & Security Testing for Web Applications. CASE STUDY
ECD Global Info Tech Pvt Ltd, 41, Spencer's Plaza, 2nd floor, Old Airport Road, Bangalore-560017, Karnataka, India. Phone: +91 80 40609604. E-Mail: info@in.ecd-global.com

Abstract
The client is a leading FMCG brand that wanted to protect its web application from security threats and provide a trusted environment for conducting business through the web. Their requirements were met with performance testing for 50 concurrent users; security testing of file upload, download, approval at various stages and the other major functions of the application; and automation of different test scenarios, which reduced the overall cost of testing.

Client Profile
The client is a leading UK FMCG brand with a wide range of liquor products.

Business Need
The client approached the company to take care of its web applications, protect them from security threats and provide a trusted environment for conducting secure business through the web. The application had recently been introduced to the market and was continuously being enhanced to meet specific client requirements; enhancements included improvements to existing features as well as new features. Since the client is one of the largest liquor brands, security and quality were the first concern. The continuous modifications, enhancements and additions required the client to test the application continuously. The client was looking for a preferred testing partner who could understand the current application in a limited time period. Managing the audits performed every quarter was becoming a nightmare. Users and user groups use role-based security, with the option to change access on the fly by logging in to the application.
The assignment involved conducting security testing of the application within a short window of 40 to 60 hours. For security testing, the client's main concern was to identify vulnerabilities clearly and accurately, with a minimum of false positives, and to protect its web applications.
Proprietary & Confidential Information

Challenges
The main challenges faced were:
o Finding the key scenarios for performance testing so that they cover the whole application.
o A change in the proposed testing tools (Acunetix, AppScan, WebInspect, Burp Suite) because of limitations with the developed application and tool compatibility.
o Close communication with the client, as the product was being tested rapidly in line with end-user requirements.
o Manual testing for high-potential vulnerabilities to make sure that the application is secure.
o Managing the team effectively so that the client's expectations were met.
To add more value to the findings, a team of experienced project managers reviewed the report for strategic analysis. The report was then presented in the client's specified template.
For automated testing, the client's main concern was to check that 50 concurrent users logging into the application would not crash it. The scenarios had to be identified such that they covered the whole application. Other areas of concern were robustness, speed, fault tolerance, security, cost criteria and extensibility.
As agreed in the Statement of Work with the client, the following was done during testing:
Security Testing:
o Information gathering and error enumeration
o Web server tests
o Protocol-based tests
o Web application tests
o OS-based tests
o PHP/ASP-based tests
o Apache/IIS advanced test vectors
o Authentication tests
o Flash tests

Performance Testing:
o Perform the performance testing with 50 concurrent users so that the application does not crash.
o Identify the key scenarios.
o Create the scripts and run them.
o Analyze the results.

Software applications are the backbone of business, hence quality becomes one of the key differentiators between success and failure of the software. ECD's independent software testing services ensure faster delivery of quality software, with less risk, at lower cost. ECD was chosen as an ideal partner to implement effective offshore quality assurance for the product and to carry out the complete performance and security testing of the application through manual research and automated testing. The ECD team had to ensure that the overall quality of deliverables was achieved within the agreed timeline. ECD set up a 5-member team comprising 1 project manager, 2 automation test engineers (performance) and 2 security consultants.

Security Testing:
Security testing attempts to verify that the protection mechanisms built into a system will, in fact, protect it from internal and external threats.
Security Testing Approach:
o Identifies the resources needed to conduct the security test
o Explains the security test execution process
o Presents the security test schedule
ECD's security team had to guarantee product quality at each release together with the performance test. Security testing was done after the completion of the performance testing, in the last leg of system testing. First the application was checked with automated vulnerability testing tools; then it was subjected to different manual testing methodologies.
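One of the manual checks that matters for this application is whether the role-based access the client described (approval at various stages, access changed on the fly) is actually enforced on sessions that already exist. The following is an added example written for this page, not code from ECD or from the client's application: the roles, the download/upload/approve actions and the two application classes are a constructed stand-in. It puts the weak pattern (role copied into the session at login) beside the hardened one (role re-read from the server-side store on every request) and runs the same two checks against each: a role downgrade made mid-session, and a full role-by-action matrix.

```python
"""Authorization check for an approval workflow with roles that change on the fly.

Added example, not code from the ECD case study. The application, its three
roles and the download/upload/approve actions are a constructed stand-in for
the client's system; nothing here is taken from the real application.
"""
from dataclasses import dataclass

# Role -> actions the role may perform (constructed permission model).
ROLE_PERMISSIONS = {
    "viewer": {"download"},
    "editor": {"download", "upload"},
    "approver": {"download", "upload", "approve"},
}


class UserStore:
    """Server-side source of truth for each user's current role."""

    def __init__(self, roles):
        self.roles = dict(roles)

    def set_role(self, user, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        self.roles[user] = role


@dataclass
class Session:
    user: str
    role_at_login: str  # snapshot taken when the session was created


class CachedRoleApp:
    """Weak pattern: every request is authorized against the role that was
    copied into the session at login, so a downgrade made 'on the fly' is not
    enforced until the user logs in again."""

    def __init__(self, store):
        self.store = store

    def login(self, user):
        return Session(user, self.store.roles[user])

    def perform(self, session, action):
        return action in ROLE_PERMISSIONS[session.role_at_login]


class LiveRoleApp(CachedRoleApp):
    """Hardened pattern: re-read the role from the store on every request,
    so a change of access takes effect on existing sessions immediately."""

    def perform(self, session, action):
        role = self.store.roles.get(session.user)
        return role is not None and action in ROLE_PERMISSIONS[role]


def revocation_takes_effect(app_cls):
    """Security test: downgrade an approver mid-session, then try to approve.

    Returns True when the downgrade is enforced on the existing session,
    False when the stale role still grants the action.
    """
    store = UserStore({"alice": "approver"})
    app = app_cls(store)
    session = app.login("alice")
    if not app.perform(session, "approve"):
        raise RuntimeError("precondition failed: approver cannot approve")
    store.set_role("alice", "editor")  # access changed on the fly
    return not app.perform(session, "approve")


def role_matrix(app_cls, actions=("download", "upload", "approve")):
    """Positive and negative checks: each role against each action, with a
    fresh login per role. Returns {(role, action): allowed}."""
    results = {}
    for role in ROLE_PERMISSIONS:
        app = app_cls(UserStore({"u": role}))
        session = app.login("u")
        for action in actions:
            results[(role, action)] = app.perform(session, action)
    return results


if __name__ == "__main__":
    for cls in (CachedRoleApp, LiveRoleApp):
        print(cls.__name__, "enforces mid-session downgrade:",
              revocation_takes_effect(cls))
    denied = [k for k, v in role_matrix(LiveRoleApp).items() if not v]
    print("denied (role, action) pairs:", sorted(denied))
```

The point of running both checks is that the role matrix alone passes for both applications: with a fresh login per role the cached and live variants are indistinguishable. Only the mid-session downgrade separates them, which is why a test plan for "access changed on the fly" needs a case that changes the role while a session is open and then re-tests the privileged action on that same session.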

A proper communication channel was established between the client and its development team to ensure that no gaps were left during final testing. Weekly summary calls were held to ensure that the ECD team was in line with the development team and the client's expectations.
Automated security testing was carried out with web application vulnerability assessment tools such as Acunetix, AppScan, WebInspect, Burp Suite and Nessus. After the automated testing was complete, manual testing was carried out by our security consultants. Application access was provided by the client on ECD's local test environment.

Performance Testing:
Performance testing of a web site is basically the process of understanding how the web application and its operating environment respond at various user load levels. In general, we want to measure the response time, throughput and utilization of the web site while simulating attempts by virtual users to access the site simultaneously. One of the main objectives of performance testing is to maintain a web site with low response time, high throughput and low utilization. Automated performance testing was achieved using HP LoadRunner, an automated performance and load testing product from Hewlett-Packard for examining system behaviour and performance while generating a realistic load.
Major Challenges in the Execution:
o The team was responsible for performance testing, security testing, explaining the scenarios to the client and final approval by the client.
o Knowledge transfer of the application, as concrete requirement documents were not available.
o Communication with, and close tracking of all communication between, the client and their development team regarding change requests and schedule changes.
o Selection of the module(s) and scenarios to be included in automation testing.
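To make the three measurements named above concrete, the following is an added example written for this page; it is not code from the case study, not an HP LoadRunner script, and not anything from the client's application. It starts a constructed in-process HTTP server standing in for the application (the /login and /download paths and the simulated work are hypothetical), replays a scenario with 50 concurrent virtual users, and reports response time (average, 95th percentile, maximum), throughput and error rate. Utilization cannot be seen from a client-side harness; it has to be read from the server's own monitoring during the run.

```python
"""Minimal load-test harness: 50 virtual users against a local HTTP target.

Added example, not code from the ECD case study or HP LoadRunner. The target
is a constructed in-process HTTP server standing in for the client's
application; the /login and /download endpoints are hypothetical.
"""
import http.server
import statistics
import threading
import time
import urllib.error
import urllib.request
from collections import Counter
from concurrent.futures import ThreadPoolExecutor


class _TargetHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the application under test."""

    def do_GET(self):
        if self.path == "/login":
            time.sleep(0.01)  # simulated work so response times are non-zero
            body, code = b"ok", 200
        elif self.path == "/download":
            body, code = b"x" * 1024, 200
        else:
            body, code = b"not found", 404
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the run quiet
        pass


def start_target():
    """Start the stand-in server on an ephemeral port; return (server, base_url)."""
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), _TargetHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def virtual_user(base_url, scenario, iterations):
    """One virtual user replaying a scenario (list of paths) `iterations` times.

    Returns (path, status, elapsed_seconds) samples; a failed or timed-out
    connection is recorded as status 0 so it counts against the error rate.
    """
    samples = []
    for _ in range(iterations):
        for path in scenario:
            t0 = time.perf_counter()
            try:
                with urllib.request.urlopen(base_url + path, timeout=5) as resp:
                    resp.read()
                    status = resp.status
            except urllib.error.HTTPError as exc:
                status = exc.code  # 4xx/5xx: response received, keep the code
            except OSError:  # URLError, socket timeout, connection refused
                status = 0
            samples.append((path, status, time.perf_counter() - t0))
    return samples


def run_load_test(base_url, scenario, users=50, iterations=2):
    """Run `users` concurrent virtual users and summarise response time,
    throughput and error rate. 5xx and failed connections are errors; an
    expected 4xx is not."""
    t_start = time.perf_counter()
    with ThreadPoolExecutor(max_workers=users) as pool:
        futures = [pool.submit(virtual_user, base_url, scenario, iterations)
                   for _ in range(users)]
        samples = [s for f in futures for s in f.result()]
    wall = time.perf_counter() - t_start
    if not samples:
        raise ValueError("scenario produced no requests")

    times = sorted(s[2] for s in samples)
    statuses = Counter(s[1] for s in samples)
    errors = sum(n for code, n in statuses.items() if code == 0 or code >= 500)
    return {
        "requests": len(samples),
        "errors": errors,
        "error_rate": errors / len(samples),
        "avg_s": statistics.fmean(times),
        "p95_s": times[int(0.95 * (len(times) - 1))],
        "max_s": times[-1],
        "throughput_rps": len(samples) / wall,
        "status_counts": dict(statuses),
    }


if __name__ == "__main__":
    server, url = start_target()
    try:
        result = run_load_test(url, ["/login", "/download"], users=50)
    finally:
        server.shutdown()
        server.server_close()
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it directly to print the summary, or pass a real test environment's URL to run_load_test instead of the address from start_target. The client's stated pass criterion was that 50 concurrent logins must not crash the application, which in these numbers is an error count of zero (no 5xx, no dropped connections) rather than any particular response time; the percentile figures are what you compare release to release once that bar is met.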

Conclusion:
ECD successfully completed the performance tests and security tests for the web application and its subsequent releases, as per client requirements, in a short span of time. Our clients regularly seek our support for testing their web applications, mobile applications, servers, computer assets and networks. We keep our clients' assets safe and reliable.