The Tri-Force Consulting Services, Inc. team specializes in the quality assurance practices explained below for enterprise-level, web-technology-based applications. The Tri-Force team is currently helping our client InfoMC Inc. by doing Performance and Vulnerability Testing on the company's Incedo product lines.
The industry-standard key performance indicators for any website are the following:
- Transactions per second.
It is the number of completed transactions (both successful and unsuccessful) performed during each second of a load test.
- Average Transaction Response Time
This is the average time taken to perform transactions during each second of the load test. This indicator helps you determine whether the performance of the server is within acceptable minimum and maximum transaction performance time ranges defined for your system.
- Hits per second
This indicator is the number of hits made on the Web server by the number of users during each second of the load test.
- User’s influence
User’s influence is measured as the average transaction response time relative to the number of users running at any given point during the load test. This helps us understand the general impact of user load on performance time and is most useful when analyzing a load test that is run with a gradual load.
- CPU Utilization
CPU utilization is the percent of time that the CPU is utilized.
- Throughput
Throughput is the amount of data returned by the server for the request we sent.
Security testing will cover the following testing approach and identify possible vulnerabilities:
Vulnerability #1. SQL Injection
SQL Injection is a hacking technique that attempts to pass SQL commands (statements) through a web application for execution by the backend database. The technologies vulnerable to this attack are dynamic script languages including ASP, ASP.NET, PHP, JSP, and CGI. The goal is to detect SQL Injection vulnerabilities in all SQL statements, including SQL INSERT statements.
Testing for Vulnerability #1: Run several tests using our security testing tool to identify SQL Injection vulnerabilities.
Vulnerability #2. Cross-site scripting
Cross-site scripting refers to the hacking technique that leverages vulnerabilities in the code of a web application to allow an attacker to send malicious content from an end-user and collect some type of data from the victim.
Testing for Vulnerability #2: Run several tests using our security testing tool to identify SQL Injection vulnerabilities. These tests are greater in number and short in duration.
Vulnerability #3. Web scanning
- Port scanning a web server and running security checks against network services running on the server.
- Intercept all web application inputs, build a comprehensive list with all possible inputs in the website, and test them.
Testing for Vulnerability #3: This testing will involve running a very specific test related to port scanning and another test related to web application input interception.
Vulnerability #4. Code scanning
Code scanning provides more information about the vulnerability, such as the source code line number, stack trace, and affected SQL query. It also identifies web application configuration problems which could result in a vulnerable application or expose internal application details. For example, if ‘custom errors’ are enabled in .NET, this could expose sensitive application details to a malicious user.
Testing for Vulnerability #4: This test will be combined with the SQL Injection tests and will also involve separate tests.
Vulnerability #5. File scanning
- Identify all the files present and accessible through the web server. If an attacker gains access to the website and creates a backdoor file in the application directory, the file will be found and an alert will be raised accordingly.
- Test for arbitrary file creation and deletion vulnerabilities. Example: Through a vulnerable script a malicious user can create a file in the web application directory and execute it to have privileged access, or delete sensitive web application files.