
I have a fairly large application in CI right now, and I'm looking to improve our test procedures. And by "improve" I mean "put some in place". Looking to see how some other developers out there go about it.

I was thinking of leveraging the Unit Testing framework within CI for some of the more basic stuff -- making sure models do what they are supposed to, etc. But this only takes care of at best half(?) of what really needs to be tested since a lot of logic always resides in the controller. I was considering an automated web test suite (to record my actions through the site and be able to play them back and check conditions) but the products out there seem very lacking.

Aside from a massive set of test procedures that someone has to manually go through, how do you guys deal with regression testing and the like on a large site?

[eluser]Eric Cope[/eluser]
I find it interesting that there are no responses? I too am looking for guidance on an automated test suite for my large application. I agree that the Unit Testing framework (and unit testing in general) is good for small pieces, but what about the larger pieces?

[eluser]Eric Cope[/eluser]
Since we are the only ones interested in this subject, what ideas do you have on this type of testing?

[eluser]Jim Higgins[/eluser]
I came across these in an online presentation while searching the topic myself.

Unit Testing:
PHP Unit

System Testing:
Selenium + PHP Unit

Performance, Stress, Load, Reliability, Availability:
ab, httperf, JMeter, Grinder, OpenSTA

Chorizo + PHP Unit

Here is the presentation...

Also, I know .Net Magazine did a story on automated security testing and I think they ranked them. I have the magazine around still I'm sure (I save them all). Let me know if you'd like me to dig through and try and find it.

Good luck and let me know what you both end up choosing to do.

[eluser]Eric Cope[/eluser]
I am absolutely interested in that article. Let me know if you can find it. Thanks.

Thanks Jim. I ran across Selenium in my own searches and it seemed like the one I'd go for to test out the user interfaces. We've just started getting into testing; right now I'm just setting up unit testing for all the helper classes we have, then I'll be going through and writing up formal test cases for the UI. Hopefully those will translate well into Selenium and we can avoid too much human intervention.

[eluser]Jim Higgins[/eluser]
Okay, I found the article. It was the December 2007 issue #170. I scanned the article so if either of you would like me to email it to you, just send me your email address or catch me on IM (addresses listed in my profile).

In summary, here's what they recommend for security tests and vulnerability scanners...

HackerGuardian (hackerguardian.com) - Simple vulnerability testing at a low price (some options are free). Scans run from the HackerGuardian servers too, so there's no software for you to install or configure.

QualysGuard (qaulys.com/forms/trials/freescan) - This scanning service is for checking network vulnerabilities more than deep analysis of web applications, but there are some overlaps, and you get a free trial so it's definitely worth a look.

Acunetix (acunetix.com) - Vulnerability scanner that can also analyse JavaScript, Flash, SOAP, Ajax and run through in-depth XSS and SQL injection tests. However, a license costs 750 pounds (UK Magazine)... which the .Net writer says is worth it if you're a consultant or a large company. They do have a free version that runs XSS scans only.

Gamasec (gamasec.com) - Marginally less detailed testing than the one above for a much lower price (from 100 pounds per scan on a pay-as-you-go basis).

Altersite (altersite.com) - Online scanning service with free trials.

Nessus (nessus.org) - Works best on Unix.

Lastly, they included a very quick 4-step tutorial using Aura and Wikto (www.senspost.com/research_tools.html) for free. You can see this in the article I scanned (which I can email to you) or you can backorder a copy of the issue from http://www.netmag.co.uk/

Wow Jim, thanks, I'd love to see the article! I'll send you my email.

I'm still curious if anyone has actually had experience doing such serious testing on a web application? Any pitfalls people have run into, products to avoid, lessons learned? Sounds like Jim's article has a lot of good places to start but I'd still like to see if anyone can weigh in with past experiences?
