Performance & Security Testing

The Tri-Force Consulting Services, Inc. team specializes in the quality assurance practices explained below for enterprise-level, web-technology-based applications. The Tri-Force team is currently helping our client InfoMC Inc. with performance and vulnerability testing on the company's Incedo product lines.

Performance Testing

  • Transactions per second

  • This is the number of completed transactions (both successful and unsuccessful) performed during each second of a load test.

  • Average Transaction Response Time

  • This is the average time taken to perform transactions during each second of the load test. This indicator helps you determine whether the performance of the server is within the acceptable minimum and maximum transaction performance time ranges defined for your system.

  • User’s influence

  • User’s influence is measured as the average transaction response time relative to the number of users running at any given point during the load test. This helps us understand the general impact of user load on performance time and is most useful when analyzing a load test that is run with a gradual load.

  • CPU Utilization

  • CPU utilization is the percentage of time that the CPU is utilized.

  • Throughput

  • Throughput is the amount of data returned by the server for the requests we sent.

Security Testing

Security testing will follow the approach below to identify possible vulnerabilities.

  • Vulnerability #1. SQL Injection

  • SQL Injection is a hacking technique that attempts to pass SQL commands (statements) through a web application for execution by the backend database. The technologies vulnerable to this attack are dynamic script languages including ASP, ASP.NET, PHP, JSP, and CGI. Detect SQL Injection vulnerabilities in all SQL statements, including in SQL INSERT statements.

  • Testing for Vulnerability #1:

  • Run several tests using our security testing tool to identify SQL Injection vulnerabilities.

  • Vulnerability #2. Cross-site scripting

  • Cross-site scripting refers to a hacking technique that leverages vulnerabilities in the code of a web application to allow an attacker to send malicious content from an end-user and collect some type of data from the victim.

    [Figure: Incident Frequency by WASC Threat Classification (media-reported incidents only)]

  • Testing for Vulnerability #2:

  • Run several tests using our security testing tool to identify SQL Injection vulnerabilities. These tests are more numerous and of short duration.

  • Vulnerability #3. Web scanning

  • Port scan the web server and run security checks against the network services running on the server.
  • Intercept all web application inputs, build a comprehensive list of all possible inputs in the website, and test them.

  • Testing for Vulnerability #3:

  • This testing will involve running a very specific test related to port scanning and another test related to web application input interception.

  • Vulnerability #4. Code scanning

  • Code scanning provides more information about the vulnerability, such as the source code line number, stack trace, and affected SQL query. Identify web application configuration problems which could result in a vulnerable application or expose internal application details. For example, if ‘custom errors’ are enabled in .NET, this could expose sensitive application details to a malicious user.

  • Testing for Vulnerability #4:

  • This test will be combined with the SQL Injection tests and will also involve separate tests.

  • Vulnerability #5. File scanning

  • Identify all the files present and accessible through the web server. If an attacker gains access to the website and creates a backdoor file in the application directory, the file will be found and an alert raised accordingly.
  • Test for arbitrary file creation and deletion vulnerabilities. Example: Through a vulnerable script a malicious user can create a file in the web application directory and execute it to have privileged access, or delete sensitive web application files.