If you provide load testing services, you will be pleased to know that your work also has a large impact on application security: you don't just determine how much the app or website can handle. You can even stop hack attacks.
Surely you all remember the attack on Sony that took place recently. It is a living example that security should not be treated as something irrelevant. And even if somebody has great software that is well protected, this does not mean there is no room to evolve. Being proactive is the key to winning the cyber war without bad people hacking your products.
A nice solution!
Fusing penetration and load testing can deliver excellent results. Some of the obvious, and still best, options you can take are:
- Run as many resource-consuming processes as possible at the same time to uncover possible breaches.
- What is the usual number of login and website entrance attempts you face at the same time? Double or even triple it if possible.
- What about attempts to gain cross-account access by somebody who is already logged in? If it does not work once, it may work within a dozen attempts.
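The third check above, as an added example that is not part of the original post: it assumes one specific bug, a `current_user` field shared by all requests, to show why a cross-account request that is denied in a sequential test can succeed once requests overlap under load. The class and function names, accounts and records are all constructed for illustration.

```python
import time
from concurrent.futures import ThreadPoolExecutor

# Constructed sample data: one private record per account.
RECORDS = {"alice": "alice-invoice", "bob": "bob-invoice"}


class SharedStateApp:
    """Hypothetical handler with a bug that only shows under concurrency:
    the authenticated user is kept in one field shared by all requests."""

    def __init__(self):
        self.current_user = None

    def fetch(self, session_user, record_owner):
        self.current_user = session_user       # written by every request
        time.sleep(0.001)                      # simulated backend latency
        if self.current_user == record_owner:  # may now hold another user's name
            return RECORDS[record_owner]
        return None


class PerRequestApp:
    """Same endpoint, but the check uses only the request's own identity."""

    def fetch(self, session_user, record_owner):
        time.sleep(0.001)
        return RECORDS[record_owner] if session_user == record_owner else None


def cross_account_leaks(app, workers, rounds=100):
    """Mix alice's requests for bob's record with bob's own reads and
    count how many of alice's requests returned data."""
    jobs = [("alice", "bob"), ("bob", "bob")] * rounds
    with ThreadPoolExecutor(max_workers=workers) as pool:
        bodies = list(pool.map(lambda job: app.fetch(*job), jobs))
    return sum(1 for (user, owner), body in zip(jobs, bodies)
               if user != owner and body is not None)


if __name__ == "__main__":
    print("shared state, 1 worker :", cross_account_leaks(SharedStateApp(), 1))
    print("shared state, 8 workers:", cross_account_leaks(SharedStateApp(), 8))
    print("per-request,  8 workers:", cross_account_leaks(PerRequestApp(), 8))
```

With one worker the shared-state handler denies every cross-account request, so a functional test passes; the leak count becomes non-zero only when the same requests run concurrently.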
Surely hackers will not be obvious. What happened to Sony, mentioned earlier? About 80 million users were a disguise for a DDoS attack. Imagine all that traffic. That is when a proper combination of load and penetration testing could have helped, if it had been done in time.
Going live may be a mistake
Many companies have already suffered the bitter consequences of launching without appropriate preparation. The "it should do just fine" phrase is the worst thing that can come out of a tester's mouth. Always remember: your product has only one shot at the market, and if you fail, users will easily choose your competitors from the variety of available software providers.