
Performance and Security Testing - Evaluation Template

The document summarizes a case study for an associate named Manjunath. It provides details of tests conducted on static and dynamic web applications, including performance testing, penetration testing, and identity management. It lists the components tested, scores received and an overall score of 57% with strengths in benchmarking and creating test scenarios and reports, and areas of improvement in configuration/deployment and session management.

Uploaded by

Arundathi Shekar
Copyright
© All Rights Reserved

Case Study

Associate Name: Manjunath
Associate ID: MT001
Associate Email: Manjunath@mt.

Components | Scored | Max Marks | Percentage | Strengths | Areas of improvement | Suggestions
Performance Testing (Static Web Application) | 32 | 55 | 57% | | |
Performance Testing (Dynamic Web Application) | 32 | 55 | 57% | | |
Information Gathering | 40 | 70 | 57% | | |
Configuration and Deployment | 13 | 20 | 65% | | |
Identity Management | 13 | 20 | 65% | | |
Authentication | 23 | 40 | 58% | | |
Session Management | 6 | 10 | 60% | | |
Total Score | 159 | 270 | 60% | | |

Resubmit - 60%
End to End

Creating Dashboard

Performance Testing (Static Web Application)
Skills: Benchmark, Created a Test Scenario, Performance Report

Activities | Scored | Max Marks | Percentage
Load time of web application | | |
Have calculated Response time | 5 | 5 | 100%
Have calculated Latency | 2 | 5 | 40%
Have calculated Hits per second | 3 | 5 | 60%
Have calculated with Simulation of 50 users | 2 | 5 | 40%
Have calculated with Simulation of 100 users | 2 | 5 | 40%
Have calculated with Simulation of 500 users | 3 | 5 | 60%
Have calculated with Simulation of 1000 users | 2 | 5 | 40%
Have generated Error table | 1 | 5 | 10%
Have calculated Active Threads | 5 | 5 | 100%
Have generated graphs for hits per second | 3 | 5 | 60%
Have generated graphs for response time over time | 4 | 5 | 80%
Total | 32 | 55 | 57%

Performance Testing (Dynamic Web Application)
Skills: Benchmark, Created a Test Scenario, Performance Report

Activities | Scored | Max Marks | Percentage
Load time of web application | | |
Have calculated Response time | 5 | 5 | 100%
Have calculated Latency | 2 | 5 | 40%
Have calculated Hits per second | 3 | 5 | 60%
Have calculated with Simulation of 50 users | 2 | 5 | 40%
Have calculated with Simulation of 100 users | 2 | 5 | 40%
Have calculated with Simulation of 500 users | 3 | 5 | 60%
Have calculated with Simulation of 1000 users | 2 | 5 | 40%
Have generated Error table | 1 | 5 | 10%
Have calculated Active Threads | 5 | 5 | 100%
Have generated graphs for hits per second | 3 | 5 | 60%
Have generated graphs for response time over time | 4 | 5 | 80%
Total | 32 | 55 | 57%

Penetration Testing (Dynamic Web Application)

Information Gathering

Activities | Scored | Max Marks | Percentage
Load time of web application | | |
Identified version and type of a web server | 3 | 5 | 60%
Identified known vulnerabilities of the respective web server | 3 | 5 | 60%
Analyzed robots.txt | 2 | 5 | 40%
Identified other applications (static or dynamic) hosted on the web server | 5 | 5 | 100%
Identified other domains/sub-domains (static or dynamic) hosted on the web server | 4 | 5 | 80%
Identified sensitive information from webpage comments and metadata in source code | 2 | 5 | 40%
Created the workflow/navigation map of the target application | 2 | 5 | 40%
Framework/CMS of specific web application | 2 | 5 | 40%
Determined known vulnerabilities of respective framework/CMS | 2 | 5 | 40%
Identified application architecture | 2 | 5 | 40%
Identified Web Scripting language | 2 | 5 | 40%
Identified Reverse proxy | 2 | 5 | 40%
Identified Application Server | 5 | 5 | 100%
Identified Backend Database | 4 | 5 | 80%
Total | 40 | 70 | 57%

Configuration and Deployment

Activities | Scored | Max Marks | Percentage
Identified infrastructure elements, e.g. config management for software | 2 | 5 | 40%
Done "curl -s -D- https://domain.com/ | grep Strict" | 2 | 5 | 40%
Analyzed the permissions for files and folders | 5 | 5 | 100%
Looked for config information in source code or other files | 4 | 5 | 80%
Total | 13 | 20 | 65%

Identity Management

Activities | Scored | Max Marks | Percentage
Created user roles and permission matrix | 2 | 5 | 40%
Checked generic login error statement and header files | 2 | 5 | 40%
Checked the web application by getting access via guest account | 5 | 5 | 100%
Validated the registration process | 4 | 5 | 80%
Total | 13 | 20 | 65%

Authentication

Activities | Scored | Max Marks | Percentage
Checked the request-response cycle for HTTP and HTTPS | 3 | 5 | 60%
Tested with default credentials to break into the application | 3 | 5 | 60%
Simulated the brute force actions to lock the account | 2 | 5 | 40%
Tested for SQL Injection | 5 | 5 | 100%
Unencrypted credentials passing via request-response cycle | 4 | 5 | 80%
Unencrypted credentials stored in a cookie or session | 2 | 5 | 40%
Checked for logged-in activity in browser history after logging out | 2 | 5 | 40%
Checked for CSRF vulnerability | 2 | 5 | 40%
Total | 23 | 40 | 58%

Session Management

Activities | Scored | Max Marks | Percentage
Checked sessions for sensitive information | 3 | 5 | 60%
Checked for session tokens after the session is destroyed | 3 | 5 | 60%
Total | 6 | 10 | 60%
