Saturday, December 31, 2022

The Essential Performance Testing Metrics Every Developer Should Know

  1.  Processor Usage: Time spent by the processor to execute non-idle threads.
  2. Memory use: The available physical memory to process on a system.
  3. Disk time: It is the time taken by the disk to read or write a request.
  4. Bandwidth: Bits per second used by a network interface.
  5. Private bytes: A specific number of bytes allocated to a particular process.
  6. Response time: The time between the user’s request and the first response character.
  7. Throughput: Rate of requests received per second by a network. (The formula is Throughput = (number of requests) / (total time). )
  8. Maximum active sessions: Maximum number of sessions that may stay active at once.
  9. Thread (user) counts: Determining the well-being of the application by checking the number of running and active threads.
  10. Latency - JMeter measures the latency from just before sending the request to just after the first response has been received.
  11. Think Time - the time between two transactions of user actions. 
    (Login -> Think Time -> Search -> Think Time -> Logout). 
    The average thinking time could be in the range of 3 to 10 seconds for a normal user.
  12. Error rate - Measures the number of errors that occur in each request.
  13. Network latency - Measures the time it takes for a request to travel from the client to the server.
  14. Transaction time: Measures the time it takes for a transaction to complete.
  15. Resource utilization: Measures the number of resources used by the server to handle requests.
  16. Memory usage: Measures the amount of memory used by the server to process requests.
  17. Load test scalability: Measures how well the server can handle an increasing amount of requests.
  18. Page load time: Measures the time it takes for a web page to load.

Basic concepts of Performance Testing

 Performance Testing

  • Performance testing is a type of software testing that is used to evaluate the speed, scalability, and stability of a system. It is used to ensure that the system can handle the expected load and volume of traffic.

Types:
  1. Load Testing
  2. Stress Testing
  3. Data/Volume Testing
  4. Scalability testing
  5. Endurance testing
  6. Spike testing
Load Testing:
  • Load testing is a generic term covering Performance Testing and Stress Testing.
  • Testing the app with the maximum number of users.
  • To measure the performance under the expected load.
Stress Testing:
  • The system is under extreme load conditions, such as peak user activity or maximum transaction throughput.
  • Testing the application with MORE than the maximum number of users.
  • To measure performance under a load much higher than expected.
Endurance Testing:
  • Endurance Testing is done to ensure the software can handle the EXPECTED load over a long period.
Spike Testing:
  • System by SUDDENLY increasing the load (e.g. the number of users or transactions) to check how it responds.
Data/Volume Testing:
  • System by increasing the number of users or transactions over a PERIOD OF TIME.
Scalability testing:
  • The system performs when the workload increases or decreases.

Common Performance Problem:
  • Most performance problems revolve around speed, response time, load time, and poor scalability.
  • A slow-running application will lose potential users.
  • Long Load time - While some applications are impossible to make load in under a minute, Load time should be kept under a few seconds if possible.
  • Poor response time - Response time is the time it takes from when a user inputs data into the application until the application outputs a response to that input. Generally, this should be very quick. Again if a user has to wait too long, they lose interest.
  • Poor scalability - A software product suffers from poor scalability when it cannot handle the expected number of users or when it does not accommodate a wide enough range of users.
  • Bottlenecking  - Bottlenecking is when either coding errors or hardware issues cause a decrease in throughput under certain loads.

Common performance bottlenecks are:
  • CPU utilization
  • Memory utilization
  • Network utilization
  • Operating System limitations
  • Disk usage

The Essential Qualities of a Good Tester: A Complete Guide

  1.  Problem-solving skills: A good tester should be able to think strategically and come up with creative solutions to problems they encounter while testing.
  2. Communication skills: A good tester should be able to effectively communicate the results of their tests to the development team.
  3. Technical knowledge: A good tester should have a solid understanding of the technology they are using to test.
  4. Writing skills: A good tester should be able to document their testing process in order to help the development team track and debug problems.
  5. Patience: A good tester should be patient and willing to take the time needed to thoroughly test the software.
  6. Flexibility: A good tester should be able to adjust their testing strategies and processes in order to accommodate changes in the software they are testing.
  7. No compromise on the quality.
  8. Negative thinking.

Introduction to JMETER and Performance Testing

 JMeter

  • JMeter is an open-source load-testing tool used by developers and performance engineers to measure the performance of web applications.
  • It can be used to simulate a heavy load on a server, network or object to test its strength or to analyze overall performance under different load types.
  • Measure the application performance and response times.


Test Plan: (Top level directory)
  • A complete test plan will consist of one or more Thread Groups, logic controllers, sample-generating controllers, Listeners, Timers, Assertions, and configuration elements.
  1. Adding elements.
  2. Removing elements.
  3. Saving test plans.
  4. Running test plans.
  5. Stopping a test plan(immediate shutdown), Shutdown(graceful shutdown).
  6. Logging the info and errors.
Important components of a Test Plan:
  1. Thread Group
  2. Listeners
  3. Timers
  4. Assertions
Thread Group:
  • The beginning point of any test plan.
  • The thread group element controls the number of threads Jmeter will use to execute your test.
  • All controllers and samplers must be under a thread group.
Main properties of thread group:
  • Set the number of threads (simulation of a number of concurrent users).
  • Set the ramp-up period (time taken to threads up and running = ramp-up period/Thread 
Samplers:
  • Samplers send requests to the server and collect the response.
  • JMeter supports several types of samplers, including HTTP, FTP, JDBC, LDAP and SOAP.
Listeners:
  • Listeners can be added to test plans or thread group level.
  • Listeners provide a way to view the results of a test in JMeter.
  • Listener options - Graph result, view results tree, view result table, aggregate report, aggregate graph, response time graph.

Saturday, December 24, 2022

Interview Questions on Security Testing

 1. What is Authorization?

  •  Authorization means checking permission.
  •  Authorization is the process of verifying that a user has the necessary permissions to access a particular resource. 
  •  It is typically done by comparing the user's credentials against an access control list to determine if the user is allowed to perform a particular action. 
  •  Authorization is an important part of the security of any system, as it ensures that only authorized users can access sensitive data.

2. What is Authentication?

  •  Authentication means checking credentials.
  •  Authentication is the process of verifying that a person, device, or other entity is who it claims to be.
  •  It is usually accomplished through the use of credentials such as a username/password combination, security tokens, biometric data, or a combination of factors. 
  •  Authentication is an important component of data security, as it helps to ensure that only authorized users can access sensitive information.

3. Why do we do security testing?

  •  To remove vulnerabilities.
  •  Security testing is important because it helps ensure that applications, networks, and systems are protected against potential threats and vulnerabilities.
  •  Security testing helps ensure that data is secure and protected from unauthorized access, manipulation, and theft.
  •  Security testing also helps protect applications, networks, and systems against malicious attacks, and can help detect and identify weaknesses in applications and systems before they can be exploited.

4. Which methods/techniques are used for security testing?

  •  XSS and SQL injection.

5. What is “Vulnerability”?

  •  Weakness in the web application.

6. Security Tests are created on the basis of:

  •  Roles

7. Security Testing is a type of:

  •  Review Testing.
  •  It involves testing the system to identify any security vulnerabilities that could be exploited and gain unauthorized access to the system. 
  •  Security testing is typically done at the end of the software development life cycle.

8. Which symbol is used to test SQL injection?

  •  The most commonly used symbol to test SQL injection is the single quotation mark (').

9. What is the full form of XSS?

  •  Cross-Site Scripting.
  •  Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. 
  •  XSS enables attackers to inject client-side scripts into web pages viewed by other users. 
  •  A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.