Introduction to Manual Testing & QA in Web Development
Security & Stress Testing
Introduction
Security Testing is an intricate subject which involves various methods and tools for finding security vulnerabilities in an application.
The main area that requires security testing in our chat application is the login and registration system, since security vulnerabilities in this domain can cause leakage or loss of data.
Relation of Security & Stress Testing
Stress Testing, on the other hand, tests how much processing load an application can withstand. Every application theoretically has a certain limit: for example, a chat application can possibly handle a large number of messages every second, but there will be a limit after which it will break. These limitations can potentially be abused, causing the application to crash, damaging or corrupting the data, or creating an unneeded nuisance. Therefore, Stress Testing is often a part of Security Testing. In other cases, real-world scenarios are tested, for example having a large number of users connected to the application.
Most Security Testing requires some knowledge of the application code and of how the application stores and retrieves data, if there is a database. Most of the time, we would write some basic test cases for Security and Stress Testing purposes, which may include:
- Test Case 1: Verify that users can create only a limited number of accounts;
- Test Case 2: Ensure that users can only access resources and functionalities based on their roles and permissions;
- Test Case 3: Test for the ability to bypass authentication (e.g., SQL injection in the login form).
However, since there can be many complex ways of exploiting an application, Exploratory Testing is also very common in this domain.
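The three test cases listed above, written as automated checks against a minimal stand-in for the chat application's registration and login code. This is an added example, not code from the course: the table schema, the per-IP limit of 3, the role names and `can_delete_message` are assumptions, and the IP addresses and credentials are constructed sample values.

```python
import hashlib, hmac, os, sqlite3

MAX_ACCOUNTS_PER_IP = 3  # assumed limit; the course does not state a number

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw BLOB, role TEXT, ip TEXT)")
    return db

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def register(db, name, password, ip, role="user"):
    # Refuse registration once this address already owns the allowed number of accounts.
    (count,) = db.execute("SELECT COUNT(*) FROM users WHERE ip = ?", (ip,)).fetchone()
    if count >= MAX_ACCOUNTS_PER_IP:
        return False
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?, ?)",
               (name, salt, _hash(password, salt), role, ip))
    return True

def login(db, name, password):
    # Parameterized query: the user name is bound as data, never spliced into the SQL text.
    row = db.execute("SELECT salt, pw, role FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return None
    salt, pw, role = row
    return role if hmac.compare_digest(pw, _hash(password, salt)) else None

def can_delete_message(role):
    # Hypothetical privileged action used to exercise the role check.
    return role in {"moderator", "admin"}

def run_test_cases():
    db = make_db()
    # Test Case 1: the 4th and 5th registration from one address must be refused.
    created = [register(db, f"user{i}", f"pw-{i}", "203.0.113.7") for i in range(5)]
    tc1 = created == [True, True, True, False, False]
    # Test Case 2: only the moderator role may use the privileged action.
    register(db, "mod", "mod-secret", "203.0.113.8", role="moderator")
    tc2 = (can_delete_message(login(db, "mod", "mod-secret"))
           and not can_delete_message(login(db, "user0", "pw-0")))
    # Test Case 3: injection-style input in either field must never yield a session.
    probes = ["' OR '1'='1", "user0' --", '" OR ""="']
    tc3 = all(login(db, p, p) is None and login(db, "user0", p) is None for p in probes)
    return {"tc1_account_limit": tc1, "tc2_roles": tc2, "tc3_no_bypass": tc3}
```

A failing entry in the returned dictionary names the test case to investigate manually.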
The following video shows some basic stress testing points in our application:
Another point that wasn't mentioned in the video is the limit on the file size of the image a user can upload as a profile picture.