Performance & Security Testing Checklist

1. PERFORMANCE

1.1 LOAD

1.1.1 Many users requesting a certain page at the same time or using the site simultaneously
1.1.2 Increase the number of users and keep the data constant
1.1.3 Does the home page load quickly (within 8 seconds)?
1.1.4 Is load time appropriate to content, even on a slow dial-in connection?
1.1.5 Can the site sustain long periods of usage by multiple users?

1.1.6 Can the site sustain long periods of continuous usage by 1 user?
1.1.7 Is page loading performance acceptable over modems of different speeds?
1.1.8 Does the system meet its goals for response time, throughput, and availability?
1.1.9 Have you defined standards for response time (i.e. all screens should paint within 10 seconds)?
1.1.10 Does the system operate in the same way across different computer and network configurations, platforms and environments, with different mixes of other applications?

1.2 VOLUME

1.2.1 Increase the data while keeping the number of users constant
1.2.2 Will the site allow for large orders without locking out inventory if the transaction is invalid?
1.2.3 Can the site sustain large transactions without crashing?

1.3 STRESS

1.3.1 Increase both number of users and the data
1.3.2 Performance of memory, CPU, file handling etc.
1.3.3 Error in software, hardware, memory errors (leakage, overwrite or pointers)
1.3.4 Is the application or certain features going to be used only during certain periods of time or will it be used continuously 24 hours a day 7 days a week? Test that the application is able to perform during those conditions. Will downtime be allowed or is that out of the question?
1.3.5 Verify that the application is able to meet the requirements and does not run out of memory or disk space.

1.4 SECURITY

1.4.1 Is confidentiality/user privacy protected?
1.4.2 Does the site prompt for user name and password?
1.4.3 Are there Digital Certificates, both at server and client?
1.4.4 Have you verified where encryption begins and ends?
1.4.5 Are concurrent log-ons permitted?
1.4.6 Does the application include time-outs due to inactivity?
1.4.7 Is bookmarking disabled on secure pages?
1.4.8 Does the key/lock display on the status bar for insecure/secure pages?
1.4.9 Is Right Click, View, Source disabled?
1.4.10 Are you prevented from doing direct searches by editing content in the URL?
1.4.11 If using Digital Certificates, test the browser cache by enrolling for the certificate and completing all of the required security information. After completing the application and installing the certificate, try using the Backspace (←) key to see whether that security information is still residing in the cache. If it is, then any user could walk up to the PC and access highly sensitive Digital Certificate security information.
1.4.12 Is there an alternative way to access secure pages for browsers under version 3.0, since SSL is not compatible with those browsers?
1.4.13 Do your users know when they are entering or leaving secure portions of your site?
1.4.14 Does your server lock out an individual who has tried to access your site multiple times with invalid login/password information?
1.4.15 Test both valid and invalid login names and passwords. Are they case sensitive? Is there a limit on how many tries are allowed? Can it be bypassed by typing the URL of an inside page directly in the browser?
1.4.16 What happens when the time-out is exceeded? Are users still able to navigate through the site?
1.4.17 Verify that relevant information is written to the log files and that the information is traceable.
1.4.18 In SSL, verify that the encryption is done correctly and check the integrity of the information.
1.4.19 Verify that it is not possible to plant or edit scripts on the server without authorisation.
1.4.20 Have you tested the impact of Secure Proxy Server?
1.4.21 Tests should be done to ensure that the Load Balancing Server takes the session information of Server A and pools it to Server B when A goes down.
1.4.22 Have you verified the use of 128-bit Encryption?
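
Items 1.4.11, 1.4.14 and 1.4.15 written as automated pass/fail checks, as an added example that is not part of the original checklist. The toy WSGI site, the account `alice`, the three-attempt lockout policy and the status codes are constructed assumptions; `request` calls the app in-process, so the checks run offline.

```python
import hmac, io, secrets
from urllib.parse import parse_qs

USERS = {"alice": "S3cret!"}     # constructed test account
MAX_TRIES = 3                    # assumed lockout policy
failures, sessions = {}, set()   # failed tries per user, live session tokens

def app(environ, start_response):
    """Constructed toy site: POST /login; every other path is a secure page."""
    if environ["PATH_INFO"] == "/login":
        form = parse_qs(environ["wsgi.input"].read().decode())
        user, pw = form.get("user", [""])[0], form.get("pw", [""])[0]
        if failures.get(user, 0) >= MAX_TRIES:          # 1.4.14: locked out
            start_response("423 Locked", [])
            return [b"locked"]
        if user in USERS and hmac.compare_digest(USERS[user].encode(), pw.encode()):
            failures.pop(user, None)                    # reset counter on success
            token = secrets.token_hex(16)
            sessions.add(token)
            start_response("200 OK", [("Set-Cookie", f"sid={token}; HttpOnly")])
            return [b"ok"]
        failures[user] = failures.get(user, 0) + 1
        start_response("401 Unauthorized", [])
        return [b"denied"]
    if environ.get("HTTP_COOKIE", "").partition("sid=")[2] not in sessions:
        start_response("302 Found", [("Location", "/login")])  # 1.4.15: no bypass
        return [b""]
    start_response("200 OK", [("Cache-Control", "no-store")])   # 1.4.11: not cached
    return [b"account data"]

def request(method, path, body="", cookie=""):
    """Call the app in-process with a minimal environ; returns (code, headers)."""
    seen = {}
    env = {"REQUEST_METHOD": method, "PATH_INFO": path, "HTTP_COOKIE": cookie,
           "wsgi.input": io.BytesIO(body.encode())}
    app(env, lambda status, headers: seen.update(code=int(status[:3]), headers=dict(headers)))
    return seen["code"], seen["headers"]

def run_checks():
    """Run the checklist items in order and return {check name: passed}."""
    login = lambda u, p: request("POST", "/login", f"user={u}&pw={p}")
    results = {"direct URL blocked": request("GET", "/account")[0] == 302}
    results["password is case sensitive"] = login("alice", "s3cret!")[0] == 401
    cookie = login("alice", "S3cret!")[1].get("Set-Cookie", "").split(";")[0]
    code, hdrs = request("GET", "/account", cookie=cookie)
    results["secure page not cached"] = code == 200 and hdrs.get("Cache-Control") == "no-store"
    for _ in range(MAX_TRIES):                 # exhaust the allowed tries
        login("alice", "wrong")
    results["lockout after failures"] = login("alice", "S3cret!")[0] == 423
    return results
```

Against a real site, the same four checks apply with `request` replaced by an HTTP client and the expected status codes adjusted to the application's documented behaviour.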
