Saturday, December 31, 2022

Introduction to JMETER and Performance Testing

 JMeter

  • JMeter is an open-source load-testing tool used by developers and performance engineers to measure the performance of web applications.
  • It can be used to simulate a heavy load on a server, network or object to test its strength or to analyze overall performance under different load types.
  • It measures application performance and response times.


Test Plan: (Top level directory)
  • A complete test plan will consist of one or more Thread Groups, logic controllers, sample-generating controllers, Listeners, Timers, Assertions, and configuration elements.
  1. Adding elements.
  2. Removing elements.
  3. Saving test plans.
  4. Running test plans.
  5. Stopping a test plan (immediate shutdown) or shutting it down (graceful shutdown).
  6. Logging the info and errors.
Important components of a Test Plan:
  1. Thread Group
  2. Listeners
  3. Timers
  4. Assertions
Thread Group:
  • The beginning point of any test plan.
  • The thread group element controls the number of threads JMeter will use to execute your test.
  • All controllers and samplers must be under a thread group.
Main properties of thread group:
  • Set the number of threads (simulation of a number of concurrent users).
  • Set the ramp-up period (time taken to threads up and running = ramp-up period/Thread 
Samplers:
  • Samplers send requests to the server and collect the response.
  • JMeter supports several types of samplers, including HTTP, FTP, JDBC, LDAP and SOAP.
Listeners:
  • Listeners can be added at the test plan or thread group level.
  • Listeners provide a way to view the results of a test in JMeter.
  • Listener options: Graph Results, View Results Tree, View Results in Table, Aggregate Report, Aggregate Graph, Response Time Graph.

Saturday, December 24, 2022

Interview Questions on Security Testing

 1. What is Authorization?

  •  Authorization means checking permission.
  •  Authorization is the process of verifying that a user has the necessary permissions to access a particular resource. 
  •  It is typically done by comparing the user's credentials against an access control list to determine if the user is allowed to perform a particular action. 
  •  Authorization is an important part of the security of any system, as it ensures that only authorized users can access sensitive data.

2. What is Authentication?

  •  Authentication means checking credentials.
  •  Authentication is the process of verifying that a person, device, or other entity is who it claims to be.
  •  It is usually accomplished through the use of credentials such as a username/password combination, security tokens, biometric data, or a combination of factors. 
  •  Authentication is an important component of data security, as it helps to ensure that only authorized users can access sensitive information.
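
Added example (not part of the original post): a minimal Python sketch that keeps the two checks from questions 1 and 2 separate and builds a role-based test matrix. The users, roles, passwords and actions are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # Slow salted hash so stored credentials are not plain text
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _user(password, role):
    salt = os.urandom(16)
    return {"salt": salt, "pw": _hash(password, salt), "role": role}

# Constructed sample data (assumption): two users with one role each
USERS = {"alice": _user("correct horse", "admin"),
         "bob": _user("battery staple", "viewer")}

# Access control list (assumption): role -> actions that role may perform
ACL = {"admin": {"read_report", "delete_user"}, "viewer": {"read_report"}}

def authenticate(username, password):
    """Authentication: check credentials. Returns the username or None."""
    user = USERS.get(username)
    if user is None:
        return None
    supplied = _hash(password, user["salt"])
    return username if hmac.compare_digest(user["pw"], supplied) else None

def authorize(username, action):
    """Authorization: check permission of an already authenticated user."""
    return action in ACL.get(USERS[username]["role"], set())

def handle(username, password, action):
    """HTTP-style result: 401 = not authenticated, 403 = not authorized."""
    who = authenticate(username, password)
    if who is None:
        return 401
    return 200 if authorize(who, action) else 403

def role_matrix():
    """Role-based test cases: every role against every known action."""
    actions = sorted(set().union(*ACL.values()))
    return {(r, a): a in ACL[r] for r in sorted(ACL) for a in actions}
```

A correct password with a missing permission gives 403, while a wrong password gives 401 regardless of the role.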

3. Why do we do security testing?

  •  To remove vulnerabilities.
  •  Security testing is important because it helps ensure that applications, networks, and systems are protected against potential threats and vulnerabilities.
  •  Security testing helps ensure that data is secure and protected from unauthorized access, manipulation, and theft.
  •  Security testing also helps protect applications, networks, and systems against malicious attacks, and can help detect and identify weaknesses in applications and systems before they can be exploited.

4. Which methods/techniques are used for security testing?

  •  XSS and SQL injection.

5. What is “Vulnerability”?

  •  Weakness in the web application.

6. Security Tests are created on the basis of:

  •  Roles

7. Security Testing is a type of:

  •  Review Testing.
  •  It involves testing the system to identify any security vulnerabilities that could be exploited to gain unauthorized access to the system. 
  •  Security testing is typically done at the end of the software development life cycle.

8. Which symbol is used to test SQL injection?

  •  The most commonly used symbol to test SQL injection is the single quotation mark (').

9. What is the full form of XSS?

  •  Cross-Site Scripting.
  •  Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. 
  •  XSS enables attackers to inject client-side scripts into web pages viewed by other users. 
  •  A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.
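
Added example (not part of the original post): how output encoding stops user text from becoming a script element. The render functions and the sample comment are constructed for this illustration; the standard-library HTML parser stands in for the browser's view of the page.

```python
import html
from html.parser import HTMLParser

def render_unsafe(comment):
    """Weak form: user text is placed into the page as-is."""
    return "<div class='comment'>" + comment + "</div>"

def render_escaped(comment):
    """Hardened form: <, >, & and quotes are turned into HTML entities."""
    return "<div class='comment'>" + html.escape(comment, quote=True) + "</div>"

class _TagCollector(HTMLParser):
    """Records every element start tag found in a page."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(page):
    """Return the element names a parser sees in the rendered page."""
    parser = _TagCollector()
    parser.feed(page)
    parser.close()
    return parser.tags

# Constructed sample input: a comment that carries a script element
SAMPLE = "Nice post <script>document.title='x'</script>"

if __name__ == "__main__":
    print(tags_in(render_unsafe(SAMPLE)))   # the comment became markup
    print(tags_in(render_escaped(SAMPLE)))  # the comment stayed text
```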

Tuesday, August 30, 2022

How to Extract Text from PDFs with Python PyPDF2?

from pathlib import Path
from PyPDF2 import PdfReader  # PdfFileReader was removed in PyPDF2 3.0

# Make sure the output directory exists
Path("txts").mkdir(exist_ok=True)

for pdfFile in Path("pdfs").glob("*.pdf"):

    # Create pdf file reader object
    pdf = PdfReader(pdfFile)

    # Grab the first page
    page_1_object = pdf.pages[0]

    # Extract text
    page_1_text = page_1_object.extract_text()

    # Combine the text from all the pages and save as txt file
    # (inside the loop, so every PDF gets its own txt file)
    with open("txts/{}.txt".format(pdfFile.stem), mode='w', encoding="utf-8") as file:
        for page in pdf.pages:
            file.write(page.extract_text())
    # The with block closes the file automatically

Monday, August 22, 2022

Retrieve Image as a BLOB from MySQL Table using Python

# Import the required modules
import mysql.connector
import base64
from PIL import Image
import io

# For security reasons, never expose your password:
# read it from a local file that is kept out of version control
with open('password', 'r') as f:
    password = f.readline().strip()

# Create a connection
mydb = mysql.connector.connect(
    host="host",
    user="suriyaparithy",
    password=password,
    database="database"  # Name of the database
)

# Create a cursor object
cursor = mydb.cursor()

# Prepare the query (the ID is passed as a bound parameter)
query = 'SELECT PICTURE FROM PROFILE WHERE ID = %s'

# Execute the query to get the file
cursor.execute(query, (100,))
data = cursor.fetchall()

# The returned data is a list of tuples: first row, first column
image = data[0][0]

# Decode the base64 string
binary_data = base64.b64decode(image)

# Convert the bytes into a PIL image
image = Image.open(io.BytesIO(binary_data))

# Display the image
image.show()

# Release the database resources
cursor.close()
mydb.close()

Image File stored as a BLOB in MySQL Table using Python

# Import the required modules
import mysql.connector
import base64

# Read the password from a local file instead of hard-coding it
with open('password', 'r') as f:
    password = f.readline().strip()

# Create a connection
mydb = mysql.connector.connect(
    host="localhost",
    user="suriyaparithy",
    password=password,
    database="database"  # Name of the database
)

# Create a cursor object
cursor = mydb.cursor()

# Open a file in binary mode and read its bytes
with open('chemical.PNG', 'rb') as f:
    file = f.read()

# We must encode the file to get base64 string
file = base64.b64encode(file)

# Sample data to be inserted
args = ('100', 'Sample Name', file)

# Prepare a query (values are passed as bound parameters)
query = 'INSERT INTO PROFILE VALUES(%s, %s, %s)'

# Execute the query and commit the database.
cursor.execute(query, args)
mydb.commit()

# Release the database resources
cursor.close()
mydb.close()