

Showing posts with label Negative.

Thursday, July 26, 2012

How can data caching have a negative effect on load testing results?


Retrieving data from a repository is quite a heavy task from a performance point of view. It becomes much more difficult when the data repository lies far from the application server. Retrieval also becomes difficult when a specific type of data is accessed over and over again.
Caching is a technique that has been developed to reduce the workload and the time consumed in retrieving the data.
In this article, we discuss the negative effects that simple data caching can have on load testing.

Rules for Caching Concepts


Some rules have been laid down for caching, as listed below:

1. Data caching is useful only if used for a short period of time; it does not work when used throughout the life cycle of the software system or application.
2. Only data that is not likely to change often should be cached.
3. Some data repositories are capable of supporting notification events when the data is modified outside the application.

If the rules stated above are not followed properly, data caching is sure to have a negative impact on load testing.

How does data caching produce a negative impact on load testing?


- This is so because data caching has some pitfalls that come to our attention only in situations where data may expire and the software system or application may use inconsistent data.
- Using the caching technique is quite simple, but any fault can have an impact on load testing.
- Load testing involves putting demands on the software system or application in order to measure its response.
- The outcomes of load testing help in measuring the difference between the responses of the software system or application under normal and peak load conditions.
- Load testing is usually used as a means to measure the maximum capacity at which the software system or application can operate easily.
- Data caching initiates a quick response from the software system or application for obtaining cookies etc.
- Though data caching responds faster than the usual memory transactions, it has a negative impact on the result of the load testing, i.e. you will not get the original results; the results you get will be altered ones.

What you will see is a wrong picture of the performance of the software system or application.

What is the purpose of caching?


- Caching is done with the purpose of storing certain data so that it can be served faster in subsequent stages.
- Data caching affects load testing results in this way: unless the cache is cleared by the testing tool after every iteration of the virtual user, the caching mechanism starts to give an artificially faster page load time.
- Such artificial timings will alter your load testing results and invalidate them.
- In caching, all the recently visited web pages are stored.
- When we carry out load testing, our aim is always to check the software system or application under load.
- So if by chance the caching option is left enabled, the software system or application will try to retrieve the data from the locally saved copy, giving a false measure of the performance.
- So, the caching option should always be disabled while you carry out load testing.
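
The effect described above, shown as an added simulation that is not part of the original post: one virtual user requests the same pages for ten iterations, once with its cache kept and once with the cache cleared before every iteration. The latencies (120 ms server, 2 ms cache hit), page names and class names are constructed assumptions.

```python
class SimulatedServer:
    """Stand-in for the system under test; counts the requests that reach it."""

    def __init__(self, latency_ms=120.0):  # assumed server response time
        self.latency_ms = latency_ms
        self.hits = 0

    def fetch(self, url):
        self.hits += 1
        return self.latency_ms


class VirtualUser:
    """Load-test client with a local page cache."""

    def __init__(self, server, cache_hit_ms=2.0):  # assumed local read time
        self.server = server
        self.cache_hit_ms = cache_hit_ms
        self.cache = set()

    def get(self, url):
        if url in self.cache:
            return self.cache_hit_ms  # served locally, the server sees no load
        self.cache.add(url)
        return self.server.fetch(url)

    def clear_cache(self):
        self.cache.clear()


def run_load_test(iterations, pages, clear_cache_each_iteration):
    """Run one virtual user and report how much load really reached the server."""
    server = SimulatedServer()
    user = VirtualUser(server)
    timings = []
    for _ in range(iterations):
        if clear_cache_each_iteration:
            user.clear_cache()
        timings.extend(user.get(url) for url in pages)
    return {
        "requests": len(timings),
        "server_hits": server.hits,
        "mean_ms": sum(timings) / len(timings),
    }


PAGES = ["/home", "/catalog", "/cart"]  # constructed sample pages

if __name__ == "__main__":
    print("cache kept   :", run_load_test(10, PAGES, False))
    print("cache cleared:", run_load_test(10, PAGES, True))
```

With the cache kept, only 3 of the 30 requests reach the server and the reported mean is far below the real server latency, so the report describes the cache rather than the application under load.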


Friday, July 20, 2012

Explain how the data is secured in HTTPS?


HTTP Secure, or HTTPS, can be thought of as an extended version of regular HTTP. Next to regular HTTP, it is the most widely used communication protocol when it comes to having a secure communication path between the user and the server over a computer network.
HTTPS is deployed far more widely over the internet than over intranets. Looked at closely, it is not actually a protocol in itself, as it seems from outside.
It is actually regular Hypertext Transfer Protocol (HTTP) simply layered over the SSL/TLS protocol. The SSL/TLS protocol thus lends its security capabilities to standard HTTP communications when HTTP is layered upon SSL/TLS.

In this article we discuss how data is secured in HTTPS. As mentioned above, it is widely deployed in internet services because it provides a convenient means to authenticate the web site as well as the web server associated with it (with which the connection is being established).

How data is secured in HTTPS


Such authentication is of much importance as it provides protection against man-in-the-middle attacks, which usually occur because of eavesdropping on our communications with the server.
- Moreover, HTTPS provides bidirectional encryption of the communications or the data exchanged between the clients and the servers.
- This bidirectional encryption is what makes HTTPS so necessary: it protects against eavesdropping and against tampering that would otherwise forge the contents of the communications between the clients and the servers.
- HTTPS comes with a reasonable guarantee that you communicate only with the web site you intended to communicate with and with none else.
- Furthermore, HTTPS ensures that the contents of the communication between the users and the clients cannot be hampered or forged by any third party.
In HTTPS, the entire HTTP is layered on top of TLS or SSL, thus enabling total encryption of the HTTP communications content.
- This communications content includes:
  1. Request URL which states the particular web page that was requested.
  2. Query parameters
  3. Headers
  4. Cookies containing the identity information about the user and so on. 

Negative Points of HTTPS


Though HTTPS has many advantages, its minus points cannot be overlooked.
- HTTPS cannot fully protect the communication from disclosure.
- This is because the addresses of the host web sites and the port numbers form a necessary part of the TCP/IP protocols that underlie HTTPS.
- In practical terms, this means that the identity of the server, as well as the amount and duration of the communication, can still be inferred by eavesdroppers even on a correctly configured web server.
- In the early years, HTTPS was commonly used for money transactions over the World Wide Web and other sensitive transactions like e-mail.
- In recent years it has become known for the following:
  1. Authenticating the web pages,
  2. Providing security to the accounts,
  3. Maintaining the privacy of the user communications, web browsing and identity.
HTTPS has also come to the rescue of Wi-Fi, since it is highly prone to attacks when unencrypted. The importance of HTTPS is often realized more when connections are made over Tor or an anonymity network.


Tuesday, March 20, 2012

How is password cracking done?

A password, as we all know, is a secret string of characters that is typically used for authentication and as a means of proving identity.

WHAT IS PASSWORD?

- A password is the way through which you access your accounts and resources.
- A password is not meant for anyone other than the account holder.
- Passwords have been in use since ancient history, and of course password theft and cracking have been too!
- Nowadays passwords are better known for their use in the log-in process to various systems like an operating system, ATMs, cell phones, email accounts and so on.
- It is not necessary that a password be a meaningful word; rather, it can be anything silly that is probably difficult for others to guess.
- There are many types of passwords, like the passphrase (a password formed by more than one word) and the PIN (personal identification number, a numerical password).
- Passwords are again very much vulnerable since they are not as secure as their cryptographic counterparts, i.e., protocols.
- These days password theft, password spoofing etc. are quite common.

FACTORS AFFECTING THE SECURITY OF PASSWORD

Before we explain how a password is cracked, you should know the factors that affect the security of a password.

- Any password protected system is provided protection against viruses, Trojans etc.
- Physical security measures like shoulder surfing are also implemented.
- Many times less extreme measures are also used, like:
1. Side channel attack
2. Extortion and
3. Rubber hose cryptanalysis

HOW SECURITY OF PASSWORD PROTECTED SYSTEM IS DETERMINED?

- The security of a password protected system is often determined by the rate at which the attacker or hacker can guess the password.

- To overcome this threat, a “time out” of a few seconds can be implemented, or a fixed number of chances can be given to type in the correct password.

- Many computer systems now implement these techniques.

- In some systems the cryptographic hash of the password is stored, which makes the password accessible to an attacker.

- The attacker can obtain the actual password from this hashed password value.
- Passwords with high guessing rates are commonly used for the cryptographic key generation process.
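
One way to implement the “time out” and the fixed number of chances described above, as an added example that is not part of the original post. The class name, the limits (5 failures, 3 s delay, 900 s lockout) and the account name are assumptions; `guesses_allowed` uses a simulated clock to count how many guesses the policy lets through in a given period.

```python
import time


class LoginThrottle:
    """Per-account guess limiter (added example; all limits are assumed values).

    Each failed guess imposes a short "time out". After max_failures
    consecutive failures, every further failure imposes the long lockout.
    Only a successful login resets the counter.
    """

    def __init__(self, max_failures=5, delay_s=3.0, lockout_s=900.0,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.delay_s = delay_s
        self.lockout_s = lockout_s
        self.clock = clock
        self._state = {}  # account -> (consecutive failures, blocked until)

    def check(self, account):
        """Seconds the caller must still wait; 0.0 means a guess is allowed."""
        _, blocked_until = self._state.get(account, (0, 0.0))
        return max(0.0, blocked_until - self.clock())

    def record(self, account, success):
        """Record the outcome of one password check for this account."""
        if success:
            self._state.pop(account, None)
            return
        failures = self._state.get(account, (0, 0.0))[0] + 1
        wait = self.lockout_s if failures >= self.max_failures else self.delay_s
        self._state[account] = (failures, self.clock() + wait)


def guesses_allowed(duration_s, **policy):
    """Count wrong guesses accepted in duration_s when the caller retries
    as fast as the throttle permits (simulated clock, no real sleeping)."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0], **policy)
    count = 0
    while now[0] < duration_s:
        wait = throttle.check("alice")  # constructed account name
        if wait > 0:
            now[0] += wait              # jump the simulated clock forward
            continue
        throttle.record("alice", success=False)
        count += 1
    return count


if __name__ == "__main__":
    print("guesses per hour with default policy:", guesses_allowed(3600.0))
```

A per-account lockout also lets anyone who knows a username lock its owner out, so it is usually combined with limits per source address.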

HOW PASSWORD CRACKING IS DONE?

- Password cracking is the recovery of passwords from data stored in or transmitted by a computer system.
- There are many approaches developed to crack a password:

1. Guessing
This is perhaps the most common approach and does not require any special skills.

2. Changing the password
This method is second on the list of password cracking methodologies. When a user forgets his/her password, the system allows the password to be changed following an authentication process.

3. Brute force cracking
This type of cracking involves trying every possible password till the right one is found.

4. Dictionary attacks
This method is also very common and involves trying candidate passwords from a cracking dictionary.

5. Pattern checking
6. Word list substitution

PURPOSE FOR PASSWORD CRACKING

- The purpose of cracking a password can be a positive one; for example, the user of a particular account might have forgotten his password and could not access his account.
- The purpose of cracking a password can be a negative one, i.e., gaining unauthorized access to a computer system, mischief etc.

Time taken to crack a password is directly proportional to the strength of its character set or bits.
- The more complex a password, the longer it will take to crack it.
- In some password cracking processes, the system is made to generate similar types of passwords.
- Such passwords are called candidate passwords.
- Password cracking rate depends on the availability of the hash and the limitations of the software authentication.


Thursday, March 8, 2012

What is meant by negative testing?

Negative testing is one of the most sought after software testing methodologies. Negative testing is the counterpart of positive testing.

Facts about Negative Testing

- Negative testing is really very helpful when it comes to handling the invalid input test data and abnormal behavior of the software system or application.

- The purpose of the negative testing is to prevent such situations in which the invalid data might be taken by the system and which in turn may disrupt the functioning of the whole software system or application.

- For example, when a user tries to enter numerical data in the alphabetic field, the software system displays a message like “incorrect data type”.

- Such response from the software system or application is required since it avoids the crashing or hanging of the whole system by preventing input of invalid data.

- Not only this, the negative testing helps one improve the quality of the software system or application by knocking out its weak points.

- In positive testing, giving some invalid data as input to the system is considered to be an exception but this is not so in the case of negative testing.

- In negative testing, giving some exceptional input to the software system or application is treated just like a normal event.

- Negative testing is all about testing the exceptions.

- Usually, for better software testing results, negative testing and positive testing are combined and implemented together.

- Using such a testing methodology provides greater test coverage than using just one of the two software testing methodologies.

Situations which are typically tested by the negative testing:

1. Filling up fields by user
- Most of the web sites as well as web applications require the user to fill up all the fields that are marked compulsory.
- To test this functionality, leave all the marked fields blank and hit the submit button and observe the response of the site or the application.
- The expected outcome here can be a message asking you to fill up all the compulsory fields.

2. Checking correspondence between field and data type
- Negative testing also checks the correspondence between the field and data types.
- For example, the different fields in a form can accept the specified type of data.
- To test this, you can enter various sorts of invalid data types in to those fields and check the behavior of the application.

3. Checks allowed limits and data bounds
- It also checks for the allowed limits and allowed data bounds.
- Fields in a form can accept data only within a specified data range and not above or below that.
- This can be tested in two ways. You can either enter a value that is less than the lower bound of the range or enter a value that is above the specified range.
- Another example is a text box which accepts only a finite number of characters.
- You can test it by inputting fewer or more characters than allowed.

4. Checking reasonability of input data
- Negative testing is also an effective tool for checking the reasonability of the input data.
- The age fields in some web forms etc. do not allow any negative integers and also no floating point values.
- This can be tested by simply putting in the wrong data types like a negative integer.

5. Tests the web sessions
- Negative testing can also be used to test the web sessions either for timing or for log-in purposes.
- Some web pages require you to log in before you can view them.
- This can be tested by trying to open that web page without logging in.

Negative testing is pretty easy to carry out manually, but you can still find many automation tools for it.
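
An automated form of situations 1 to 4 above, as an added example that is not part of the original post: a small form validator and a table of negative test cases, each of which must be rejected on exactly the expected field. The field names, the length and age bounds, and the sample values are constructed assumptions.

```python
import re

NAME_RE = re.compile(r"[A-Za-z][A-Za-z \-']*")  # alphabetic field
USERNAME_LEN = (3, 12)                          # assumed length bounds
AGE_RANGE = (0, 120)                            # assumed value bounds


def validate_signup(form):
    """Validate raw string fields; return {field: message} per rejected field."""
    errors = {}
    for field in ("name", "username", "age"):       # compulsory fields
        if not form.get(field, "").strip():
            errors[field] = "required field is empty"
    name = form.get("name", "").strip()
    if name and not NAME_RE.fullmatch(name):
        errors["name"] = "incorrect data type"
    username = form.get("username", "").strip()
    if username and not USERNAME_LEN[0] <= len(username) <= USERNAME_LEN[1]:
        errors["username"] = "length out of bounds"
    age = form.get("age", "").strip()
    if age:
        if not re.fullmatch(r"-?[0-9]+", age):      # rejects floats and letters
            errors["age"] = "incorrect data type"
        elif not AGE_RANGE[0] <= int(age) <= AGE_RANGE[1]:
            errors["age"] = "value out of range"    # rejects negative ages
    return errors


# Constructed valid form; each negative case overrides one or more fields.
VALID = {"name": "Ada Lovelace", "username": "ada_l", "age": "36"}

NEGATIVE_CASES = [
    ("compulsory fields left blank", {"name": "", "username": "", "age": ""},
     {"name", "username", "age"}),
    ("digits in alphabetic field", {"name": "12345"}, {"name"}),
    ("username below lower bound", {"username": "ab"}, {"username"}),
    ("username above upper bound", {"username": "a" * 13}, {"username"}),
    ("negative age", {"age": "-5"}, {"age"}),
    ("floating point age", {"age": "36.5"}, {"age"}),
    ("age above allowed range", {"age": "121"}, {"age"}),
]


def run_negative_tests():
    """Return (description, passed) for every negative case."""
    results = []
    for description, override, expected in NEGATIVE_CASES:
        rejected = set(validate_signup({**VALID, **override}))
        results.append((description, rejected == expected))
    return results


if __name__ == "__main__":
    for description, passed in run_negative_tests():
        print("PASS" if passed else "FAIL", description)
```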


Thursday, February 16, 2012

What are different manual testing challenges?

Everything in this world has got some positive sides and some negative sides, some advantages and some disadvantages, and of course challenges! This holds utterly true with the technology too. Manual testing being so unsophisticated faces challenges too.

WHAT IS MEANT BY MANUAL TESTING?

- Manual testing involves a tester who is supposed to carry out the testing processes manually for finding out the errors and bugs.
- The tester here tests a software system or application with a view of an end user.
- All the features and functionalities of the software system or application are exploited to the most possible extent.
- As the tester cannot mentally track the whole testing process, he follows a written test plan.
- This also ensures that no important test case is missed.
- Even today after the invention of many modern testing technologies, most of the software engineering projects rely on manual testing since it involves a rigorous testing procedure.
- Manual testing works a long way in digging out more defects.
- In a typical manual testing a high level testing plan is followed.
- All the resources like software licenses and skilled people and computers are identified.
- The test cases are written in detail along with the procedure to be followed and the expected outcome.
- Different test cases are assigned to different testers who carry out the testing manually.
- A detailed test report is prepared.
- Manual testing demands skills because without skill the tester might falter.

CHALLENGES FACED IN MANUAL TESTING

1. Manual testing cannot be used to test the whole application. It can only be used for some parts. The test cases are so large in number that it becomes impossible to execute all of them manually. If you were to execute all of those test cases, testing would take too much time. You won’t be able to complete the testing within the stipulated period of time.

2. Always pay attention to the company defined processes. You should be well informed about the purpose these processes serve. Often, following the company defined processes leads to incomplete software testing. The company processes often don’t keep up with the tester’s methodologies or test plan.

3. Manual testing requires good skills. The main skills required are of trouble shooting, analyzing and communication.

4. As the tester gets more hold of the software system or application testing, more and more test cases, errors and bugs come on to the scene, and it becomes pretty difficult to keep on testing the software system or application further. This is where regression testing comes in to play.

5. You should be careful while choosing the team members. They all should be skilled. Unskilled testers can further aggravate the problem rather than simplifying it. This also leads to inappropriate testing.

6. Manual testing should be governed by the time constraint. There is no time for executing each and every test case. The tester usually focuses on the completion of the task rather than focusing on the quality of the testing. There are a whole lot of the tasks to be performed like executing, documentation, automation and reviewing the test scenario.

7. The problem of sorting the test cases according to priority, and of defining a criterion for that sorting, often comes in the way while following manual testing.

8. In manual testing the requirements of the software system or application are often misunderstood.

9. The reuse of test scripts is a difficult task in manual testing.

These challenges require analyzing skills rather than any other kind of skills.


Friday, December 10, 2010

What are Test Case Documents and what is the general format of test cases?

The test cases will have a generic format as below:
- Test Case ID : The test case id must be unique across the application.
- Test case description : The test case description should be very brief.
- Test Prerequisite : The test pre-requisite clearly describes what should be present in the system, before the test executes.
- Test Inputs : The test input is nothing but the test data that is prepared to be fed to the system.
- Test Steps : The test steps are the step-by-step instructions on how to carry out the test.
- Expected Results : The expected results are the ones that say what the system must give as output or how the system must react based on the test steps.
- Actual results : The actual results are the ones that say outputs of the action for the given inputs or how the system reacts for the given inputs.
- Pass/Fail : If the expected and actual results are the same then the test is Pass, otherwise Fail.

The test cases are classified into positive and negative test cases. Positive test cases are designed to prove that the system accepts valid inputs and then processes them correctly. Suitable techniques to design the positive test cases are specification derived tests. The negative test cases are designed to prove that the system rejects invalid inputs and does not process them. Suitable techniques to design the negative test cases are error guessing, boundary value analysis, internal boundary value testing and state transition testing. The test case details must be very clearly specified, so that a new person can go through the test cases step by step and is able to execute them.
In an online shopping application, at the user interface level, the client requests the web server to display the product details by giving an email id and username. The web server processes the request and gives the response. For this application, we design the unit, integration and system test cases.

