Thursday, January 19, 2012

High Risk Test Cases

Taken from: http://www.webperformance.com/load-testing/blog/2012/01/identify-and-test-high-risk-operations/

After testing and optimizing those, the next step is to identify and test the rarely-used but high-risk operations. These are operations that may have an impact on performance that is not proportional to their frequency. Even though these are not as common, they can have large impacts due to their system-wide nature and can cause sporadic performance drops during production hours that defy explanation.
Examples include:
  • Complex searches
  • Updates that touch many joined tables at once
  • Mass changes to data that affect many rows
  • Large or complex reports
  • Administrative functions, such as data migrations, data cleanup or consolidation, cache clearing, etc.
  • Backups
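Added example (not from the quoted article or its author): a small Python ranking that reads constructed per-request log lines and flags operations whose share of total server time is far above their share of requests, which is the "impact not proportional to frequency" pattern described above. The log format, the ratio threshold and the sample values are assumptions.

```python
from collections import defaultdict

# Constructed sample log, one request per line: "<operation> <duration_ms>".
# The format and the values are assumptions for this example.
SAMPLE_LOG = """\
view_item 12
view_item 9
view_item 15
view_item 11
search_simple 40
search_simple 35
add_to_cart 20
complex_report 3000
data_migration 5200
"""

def parse_log(text):
    """Yield (operation, duration_ms) pairs from the constructed log format."""
    for line in text.splitlines():
        if line.strip():
            op, ms = line.split()
            yield op, float(ms)

def disproportionate_ops(text, ratio_threshold=3.0):
    """Return (op, request_share, time_share, ratio) tuples for operations whose
    share of total server time is at least ratio_threshold times their share of
    requests, most disproportionate first. The threshold is an assumption."""
    count = defaultdict(int)
    total_ms = defaultdict(float)
    for op, ms in parse_log(text):
        count[op] += 1
        total_ms[op] += ms
    n_requests = sum(count.values())
    all_ms = sum(total_ms.values())
    results = []
    for op in count:
        req_share = count[op] / n_requests      # how often it is called
        time_share = total_ms[op] / all_ms      # how much capacity it consumes
        ratio = time_share / req_share
        if ratio >= ratio_threshold:
            results.append((op, req_share, time_share, ratio))
    return sorted(results, key=lambda r: r[3], reverse=True)

if __name__ == "__main__":
    for op, rs, ts, ratio in disproportionate_ops(SAMPLE_LOG):
        print(f"{op:15s} {rs:6.1%} of requests, {ts:6.1%} of time (x{ratio:.1f})")
```

The two flagged operations are the ones to give their own load-test scenarios, even though they account for only two of the nine sampled requests.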

Thursday, January 12, 2012

So SAD...

Taken from: http://java.dzone.com/articles/2011-state-software-security

from Veracode, a company that supplies static and dynamic software security testing services. Like the CAST study, this report attempts to draw wide-ranging conclusions from a limited data set – in this case, the analysis of almost 10,000 “application builds” over the last 18 months (which is a lot less than 10,000 applications, as the same application may be analyzed at least twice if not more in this time window). The analysis focused on web apps (75% of the applications reviewed were web apps). Approximately half of the code was in Java, one quarter in .NET, the rest in C/C++, PHP, etc.

Their key findings:

  • 8 out of 10 apps fail to pass Veracode’s security tests on the first pass - the app contains at least 1 high-risk vulnerability.
  • For web apps, the top vulnerability is still XSS. More than half of the vulnerabilities found are XSS, and 68% of web apps are vulnerable to XSS attacks.
  • 32% of web apps were vulnerable to SQL Injection, even though only 5% of all vulnerabilities found were SQL Injection issues.
  • For other apps, the most common problems were in error handling (19% of all issues found) and cryptographic mistakes (more than 46% of these apps had issues with crypto).

Kanban vs Scrum

Interesting comparison: http://searchsoftwarequality.techtarget.com/tip/Scrum-vs-Kanban-Comparing-new-approaches-in-software-development