VAPT Security Testing
Role Of testers in Jira
What is JMeter?
Apache JMeter or simply JMeter is open-source software that is designed to load test functional behaviour and measure performance. It runs completely on Java which makes it compactable to work with any environment or workstation that uses JVM (Java Virtual Machine). JMeter creates a stimulation as a number of users send requests to a target server and returns statistics information of the server to the users through graphical diagrams.
It can run the performance test on a wide variety of applications, servers, and protocol types such as HTTP, HTTPS (Java, NodeJS, PHP, ASP.NET, …), FTP, TCP, LDAP, SOAP/REST/XML-RPC Web Services, Java Objects, MOM (Message Oriented Middleware) via JMS (Java Message Service), DB via JDBC drivers, etc.
JMeter is Platform Independent, Highly Customizable, has Recording & Playback feature, and is also free of cost. Test plans can be simply generated using text editors and stored in an XML file, which makes it easy to understand. Its pluggable Samplers allow wide range of testing capabilities.
Types of Performance Testing done with JMeter
we can do wide range of performance testing Stability, Speed, Responsiveness and scalability of the application. Let’s see the list of performance test that can be done with the help of JMeter.
Load Test: Which helps to find out how the application runs under expected number of users.
Volume test: It check the application how it works under varying user number/database volumes.
Stress test: This type of test puts the application under extreme workload to check how it works under heavy traffic and data processing. It also helps to identify the breaking point of the application.
Spike Test: Which is useful to find how the application reacts when sudden increase of user count.
Endurance Test: This testing ensures that the software can withstand the anticipated demand over an extended period of time.
Scalability Test: The goal of scalability testing is to identify how well the software programme “scales up” to support an increase in user load.
Some of the Salient Features in JMeter
JMeter Script Recording
One of the Salient features of JMeter is Recording also known as Script Recording. Script Recording helps the testers to run their test against a particular target. In JMeter, we can run the test scripts either by using HTTP(S) Test Script Recording (using proxy) or Blazemeter plugins.
HTTP(S) Test Script Recorder
HTTP(S) Test Script Recorder can capture and record all the HTTP(S) requests made to the server from a web/mobile application. We need Test Plan with User Defined Variables, HTTP Request Defaults, HTTP Cookie Manager, Recording Controller, HTTP(S) Test Script Recorder, etc., to run the HTTP(S) Test Script Recorder in JMeter. We can choose a browser as our need in JMeter.
BlazeMeter Chrome Extension
BlazeMeter is one of the Chrome Extensions which can record and run test scripts in JMeter, and Selenium and also can synchronize both JMeter and Selenium. It can support recording JMX, JSON, and YML files. The BlazeMeter Chrome Extension does not need any further setup, although, for some POST requests, it could add multipart/form data even if it isn’t required. It can export pre-recorded requests in “SMART” JMX file which allows configuring the script and parameterizing with no extra work. “SMART” JMX files automatically detect correlation candidates, replace them with the proper extractor, and offer a simple method for parametrization,
In performing Load test with JMeter there is an important process called JMeter Correlation. This is because dynamic sites necessarily require correlation while running performance load test scripting. In JMeter, correlation is the process of capturing and storing dynamic server responses and passing them on to subsequent requests.
Assertion in JMeter
JMeter uses assertions to verify the server’s response to the request that provided it. The assertion is a technique that can compare the request’s actual outcome to what was expected result at run time. If an assertion has to be applied to a particular Sampler, add it as a child of that Sampler. By including “Assertion Listener” in the Thread Group, the outcomes of assertions can be observed. Other listeners will also see any false statements and will display the failed assertions.
List of Assertions that can be used in JMeter
* BeanShell Assertion * BSF Assertion * Compare Assertion * Duration Assertion * HTML Assertion * JSR223 Assertion * MD5Hex Assertion * Response Assertion * Size Assertion * SMIME Assertion * XML Assertion * XML Schema Assertion * XPath Assertion
JMeter Client Machine is sometimes unable to generate enough user activity for a stress test to the server because of network-level limitations or performance-wise limitations of the computer. To overcome this issue JMeter has Remote Testing functionality that allows the user to control multiple, remote JMeter machines from a single JMeter client. In this feature Numerous low-end PCs can be used to reproduce a test, simulating a heavier server demand Multiple numbers of remote JMeter instances can be managed and their data can be collected by a single instance of the JMeter client.
Distributed Testing in JMeter
JMeter’s Distributed Testing feature makes it possible to increase its capacity and produce the required number of threads for the load test. The Master-Slave architecture is used for distributed testing, and JMeter is installed on each system. All of the computers (master and slave) in the distributed architecture are connected to the same local network. One of them is given the role of a master, controlling the other machines while the test is being run. The slave machines carry out the master machine’s instructions before sending the request to the target server by hitting AUT, or application under test.
HTML Report Generation
The dashboard generator is a versatile extension of JMeter. Its behaviours are it reads and processes CSV file samples to produce HTML files with graph views. The report could be generated at the end of a load test or whenever it is needed. It can provide reports on the following metrics as APDEX (Application
Performance Index), a summary graph showing the Success and failed requests, a Statistics table that gives a one-table summary of all metrics per transaction, an Error table, a Zoomable chart, Bytes throughput Over Time, Latencies Over Time, Connect Time Over Time, etc.,
The final JMeter performance report provides an overview of the validity of the run, shows the average sample response time for the requests in the tests, and graphs the sample response times for each sample over time.