Test Performance

Performance Testing News UK
RSS

Archive for the ‘Software Testing’ Category

A short description of NTLM

Posted by performance tester on November 25th, 2009 No Comments

NTLM is a security protocol used in Microsoft Networks. It is the main approach used by Microsoft to implement single sign-on. It is also used for HTTP authentication and also in Exchange, as well as CIFS/SMB, Telnet and SIP.

NTLM uses a challenge response authentication mechanism, in which users are able to establish their identity without the use of a password. This is generally handled by a certificate that the user already had in their poccession. It includes three exchanges, in general known as Type1 (negotiation), Type2 (challenge) and Type3 (authentication). The exchanges work on the following basis.
The client generates and sends a Type 1 communication to the server. This contains a feature supported by the client and requested of from the server.
The server responds with a Type 2 communication. This contains the features decided to be supported by the server. More notably however, it contains a challenge generated by the server.
The client responds to the challenge with a Type 3 communication. This contains a number of pieces of data about the client, including the domain and users name of the client user along with the secret key. This secret key that has been sent should match the secret key that is held by the server.

Finally Digital signatures can be managed. This means that the signed message has not been intercepted and means the sender is privy to the shared secret. This could be a Radius client interating along with Active Directory whereby the shared secret is manually set within each configuration by the administrator. The keys used in signing and sealing are established as a by-product of the NTLM authentication process. Signing functionality is performed by the addition of a Message Authentication Code (MAC) to any message. This is checked by the server who can now be certain that the message integrity is safe. The signature is generated using the secret key, known by both the sender and receiver. The MAC can only be checked by any party holding the key.

Sealing is carried out by a different function, which adds encryption to a message to put a stop to it from being viewed by another party in transit. There are several encryption protocols used throughout signing and sealing, plus more are appearing frequently. As well as providing message integrity, communication discretion is ensured by the use of sealing. Under SSPI (Security Support Provider Interface) sealing (and signing) is at all times performed in combination with the same key. This encryption allows that a message cannot be intercepted or tampered with whatsoever. (Unless of course you are employed for the FBI).

NTLM is a popular authentication protocol. While there are other authentication protocols that are used, the straightforwardness of use and it’s integration with Microsoft leaves it as nearly all administrators number 1 choice.

Posted in Network Testing, Non Functional Testing, Security Testing, Software Testing

Your Application Testing services is an asset not an expense

Posted by performance tester on November 13th, 2009 No Comments

Application code ought to normally be considered by any company to be an asset. Implementing application code has fiscal implications. The cost is recovered after a period of time of using the system. In a lot of cases, the data captured, processed and stored by the system has a value as well.

Application code testing is time consuming and needs outlay in funds and time and frequently results in documentation, procedures, test data, test environments as well as a working software. There is an attraction to skimp on testing as it is an costly business. Application code testing is indispensable.

If the application is unusable when it goes into production, it will cost much more to fix those issues then than it would have if testing had been undertaken before implementation. Fixing defects in live is an expensive matter, it makes pre-production testing look cheap.

How much testing must be done? There is no right or wrong answer to this. The longer that testing carries on, the better the implementation might be. The cost of finding defects increases as testing continues.

While perfection with testing is theoretically possible, it is seldom achieved, the expenditure is simply too great.

Testing assets are not usually thought of as an asset. Financially, testers are seen as a negative not a positive on the balance sheet. Test environments are expensive and are not seen as obligatory and valuable. A server has a definite base cost, a server installed with an application to be tested complete with test data may cost 10X. With many test scripts the testware is worth a good deal more than the hardware asset itself that is listed on the balance sheet.

While this does seem like a cost, it’s not, it’s an asset. The test pack can sustain the implementation of future business requirements going forward.

Generally, much effort is spent executing testing cycles. Now with the introduction of automation and when used in tandem with a test management tool, much of the testing exertion is spent installing code drops, tracking faults and fixing them. There is a financial bottom line value to testcases and the ability to execute them. Good well written testcases supported by a good test management tool and a well configured supported test environment are valuable.

Test automation can increase the worth of the testpack. The setup costs for test automation are high, but the benefits to the testing process are also high. One of the key benefits is that the time to test is greatly reduced. While automated testing itself is much quicker, sometimes just taking a few hours, it can also be run overnight. If the code was ready for testing late on a Tuesday, the test execution could be completed by first thing on the Wednesday.
Generation of an automated test pack is a specialised task using software licenses that can run into the thousands for a single license.The planning stage is considerable with much thought going into determining the keying steps. Test automation uses a substantial amount of logic so that it can adapt to diverse situations when executing against the system frontend.
A test automation specialist will ideally make sure that test automation code does not need to be updated every time the application under test is changed, although sometimes, changes are required if new objects are added to the software screens.

Certainly test automation built with little thought can become a genuine expense to a company, not an asset.

Posted in Automated Testing, Non Functional Testing, Software Testing, Test Tools, Unit Testing

Steps to help ensure your automated testing methodology is a success.

Posted by performance tester on November 12th, 2009 No Comments

Using automated test tools offers some great advantages that can help improve the testing process. However, it should only be under taken when the requirement is necessary. The automated testing process and the methods used in automated testing need to be measurable, repeatable and effective.

Effective test automation resolves each of these issues, allowing management to:

* A reduction in quality assurance resource – thereby making testing cheaper
* Quicker testing and bug resolution cycles
* Better visibility of test results

What can be done to make the automated quality assurance process more effective?

The method is driven by an effective methodology. Without an effective the automated testing practice can quickly turn into an expensive waste of time. Methodology is critical. The entire process should be driven by Methodology- from tool selection to the way in which the tool is applied.. It also helps to drive the approach to off shoring the “appropriate” pieces of the quality assurance process.

The following offers a check list for a Test Manager to follow when applying an automated quality assurance methodology

10 Essentials for Effective Test Automation:

1. Know the steps of the software development process and how they relate to each other.
2. Clearly document the corporation requirements, hardware requirements and software requirements that are necessary to support your automated quality assurance process.
3. Understand that Quality assurance is a strategic effort.
4. Commit to giving software testing its own budget and funding.
5. Choose the right enabling technologies to support the quality assurance process.
6. Be very careful to ensure that the people used to build the automated testing framework are experienced and or trained.
7. Separate test design from test automation so that automation does not dominate test design.
8. Be very careful when considering to lower costs by using less expensive labor than a local team.
9. Document the goals within a test strategy and best practices for test design in a test plan.
10. Use a company or a person with the appropriate skills to build the baseline foundations of your automated testing framework

Posted in Automated Testing, Software Testing, Test Tools

Games business uses crowdsourcing to test Search Engines

Posted by performance tester on November 11th, 2009 No Comments

From Computer Weekly:

So What exactly is the method of Crowdsourcing?
Testing on mass is generally done in-house by organisations. Crowdsourcing is doing the same thing but classically it is done over the internet using a lot more people.A really interesting contest recently took place that exploited Crowdsourcing. The idea was to get as many people as possible to uncover as many flaws as possible within the major search engines.- What a immense idea! A titanic battle between the search engines under test took place. It was organised by uTest. The company used crowdsourcing to put some of the worlds biggest systems under test. Apparently the turn out was unbelievable with over 50 countries participating. This included approximately 1500 resolute!

Posted in Non Functional Testing, Performance Testing, Software Testing, Testing News, Website Testing

Powered by WordPress | Log in | Entries (RSS) | Comments (RSS) | ilookgood! theme by iwritealot!