Draft for testing

<Lock Notification->

Date-14/11/2019
 Document Control

Document History - To maintain a list of changes being made

Version Date Author Description of Change

1 02/14/2014 Mohd Ziaul Arfeen Draft created

Page 2 of 7
Table of contents
1-Introduction

2-Project overview

3-Test objective

4-Components and level of testing,tools

Page 3 of 7
 Table of Contents

1. Introduction

This describes testing approach of the components of the Lock notification which needs to be tested in
terms of security and performance

2-Project overview

The scope of the project is to deliver notification to user or user-group based identification as per
active directory or email list whenever admin pushes old,new or trending article manually to user

3-Test objective

The objective of the test is to verify that the security and performance issues which may arise in
application.
The test will execute and verify the test scripts for security,performance,identify, fix and retest all high
and medium severity defects per the acceptance criteria defined

3-Component and levels of testing,Tools

(a)-API- Rest API performance and security testing needs to be done for user and admin.

Tools-For Rest API security testing, IBM APP SCAN will be used with integration of SOAP UI Tool.
For Rest API performance testing, JMETER tool is to be used.

Reason-For performance-
JMETER is open source software which can be used for calculating performance of API both for
admin and desktop application. Metrics of API can be calculated

For security testing-

Page 4 of 7
IBM app scan with SOAP UI will scan the API and will calculate the vulnerabilities found in API.

(b)-Desktop application(user)-Manual performance testing, penetration testing of desktop application

to be done for encryption, authorization etc.User to be authenticated along with API

For Automated penetration and performance testing we will use as mentioned below-

Security testing-

Tools used-Echo mirage to be used for this .

Reason-Echo mirage to be used as it is open source.Desktop application exe file can be injected and
vulnerabilities can be found.

Performance testing-

Tools used- JMETER will be used as it is open source.It will help to capture application metrics i.e-
Response time, disk usage etc

Perfmon-It is open source software -and will help in monitoring the application health

Reason-Both tools are open source and Metrix such as disk usage, memory usage, thorough put
can be calculated including application performance

© Web application(admin)-

Security testing- Manual penetration testing of web application to be done for encryption
,authorization etc.
For automated testing, IBM APP SCAN will be used to detect vulnerabilities in web application.

Reason-It will help to identify vulnerabilities in code like SQL injection ,cross side scripting Etc.Report
can be easily generated.

Performance testing-

Page 5 of 7
Tools used- JMETER will be used as it is open source.It will help to capture application metrics i.e-
Response time, disk usage etc

Perfmon-It is open source software -and will help in monitoring the application health

Reason-Both tools are open source and Metrix such as disk usage, memory usage, thorough put
can be calculated including application performance

Page 6 of 7
Page 7 of 7