This week's book giveaway is in the OCPJP forum. We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line! See this thread for details.
Hello, Can anyone help me in identifying that which one is the best automated testing tool or framework for testing load, perfformance and security of the web application written in jsp and struts.
Detailed: I developed web based HR & Payroll System and now it my responsibility to finalized and assured that this system cannot make mistake in calculating salary and other critical issue such as security factor and performance.
Thank You Syed Saifuddin [ August 25, 2005: Message edited by: Syed Saifuddin ]
Originally posted by Syed Saifuddin: I developed web based HR & Payroll System and now it my responsibility to finalized and assured that this system cannot make mistake in calculating salary and other critical issue such as security factor and performance.
For web applications, you have basically two categories of tools: those that simulate the HTTP protocol and those that control a real web browser.
Now, you can use either class of these tools for functional testing, i.e. verifying that the right things happen when a user clicks through a certain sequence of steps. For performance testing, you might consider wrapping your HttpUnit/JWebUnit/HtmlUnit tests with JPerfUnit or go with a specialized load testing tool such as Grinder or JMeter. There's no way to use one of the browser-controlling tools for performance testing in a meaningful way.
For security, your best bet is to write a couple of "regular" functional tests to verify that you can't access certain areas of the web application unless you've logged in but that's not really a security issue--just regular functionality. The so-called "real" security testing would involve a security consultant analysing your architecture and running penetration tests against your system with tools like Nessus.
Having said all that, I'd like to suggest that you test domain logic like salary calculations in your *unit* tests instead of functional tests.
I am very thankful to you for the detailed answer. One more thing I really need from you is the single name(not a verity of)framework to use because learning all these framework make extra burden. If you please identify the name of one that cover max of the testing (security, performance and load) in web application it become easier for me to start.
Thankyou Again Syed Saifuddin
Joined: Jan 23, 2002
None of the tools mentioned cover all your needs. That's a fact of life you'll just have to live with.
In order to cover most of your needs, I'd suggest looking into HttpUnit and JWebUnit. The latter is built on top of the former, offers a higher level of abstraction, and therefore a bit nicer API while still giving you (some) access to the underlying (more powerful) HttpUnit API.
I've only just started looking into Selenium but I love it so far. Regarding the comment about having to start TestRunner mode manually, this is from the documentation:
Selenium can be integrated with an automated build. When the parameter "auto=true" is added to the URL, Selenium will run the entire suite of tests, and then post the results to a handling URL. The default URL is "/postResults", but an alternative handler location can be provided by specifying a "resultsUrl" parameter.
Therefore, the steps for continuous integration are:
Create a servlet-type application at the url /postResults which can read the parameters above and write them to a file 2.
Create a script which can start up a brower and send to to the URL: selenium?auto=true *
Generally, this can be done by merely calling the browser with the URL as an argument:
Make your continuous build: * Call the script from step 2, preferably using more than one browser * Wait for it to finish, possibly by checking for the existence of the file(s) from step 1 * Parse these files to determine whether the build passed or failed * Act accordingly (send emails, update a build web page, etc.)