How often you should execute Performance Testing

I think this is one of the questions that you may hear or you may want an answer for it. How often we should do it , what should be tested and how we decide if it is good or bad performance?

I can’t say that I have an absolute answer for all of this questions but I think I have an answer.

Let’s start with “How often you should run a performance testing”

Before we ask how often , let’s ask first why?

You plan , design and execute a performance testing run for one the following reasons in my opinion :

– Set a performance baseline for a running system.
– Compare performance between old system (legacy system) and new system.
– Detect performance enhancements / degradations between different versions of a software or hot-fixes (patches)

Because we ask how often it means that we already executed a performance testing before and may have a performance testing set to execute when it is needed.

Here is how often you should run a performance testing , in my opinion off course 🙂

  • If you introduce , modify or enhance a code / new code , which may affect the current running software.
  • If you modify the current environment infrastructure and also if you modify configuration(S) which may affect the system performance.
  • To simulate a load happened in production to identify the cause of production Incident related to performance (performance issues).
  • Before every peak season , mostly for e-commerce websites like “Black Friday” to make sure that everything should working as expected.

What do you think , if you have other ideas or real life scenarios you can leave it in the comment section.

How to write data from JMeter response to a csv file

I though about it when i wanted to execute a data prepration script to generate some system ids and use them in a another script , but how can i get a certain value from the response and write to a file , CSV file specifically.

In this post i will tell you how i did it 🙂

Lets try to make it that way , we will use the random article function in wikipedia website to write the article name to a csv file , so everytime the random article is triggered JMeter will write the new article name to a CSV file.

The following will be added :

  • Thread Group
  • HTTP Sampler as shown below
  • View results tree
  • Regular expression extractor as a child to the HTTP Sampler
  • BeanShell PostProcessor as a Child to the HTTP Sampler

Every time “https://en.wikipedia.org/wiki/Special:Random” will requested the value in title will be written to the CSV file

Regular Expression Extractor configuration will be as shown below :

One step is remaining , to write the “Article_Name” parameter value to a CSV file

BeanShell PostProcessor code will be as the following :

artname = vars.get("Article_Name");
f = new FileOutputStream("Results.csv", true);
p = new PrintStream(f);
this.interpreter.setOut(p);
print(artname);
f.close();

Our last step is to run the script with more than one iteration , let’s execute it with 3 iterations and then go to see the CSV fie contents.

Hope you find this article useful 🙂

Increase Number of users generated from your local machine

Number of user generated from your local machine depends on your local machine specs but what if you can generate more users with number of tricks.

1. Don’t use listners

Listners consumes a lot of memory to be able to display information and do the necessary calculations , the less listners you use the more memory is available to generate users.

Use Simple Data Wriiter to store all of your run data and after the execution is finished you can get all information you need from .jtl file created.

*We have an article explaining how to use Simple data writer , see the following link

https://thetesttherapist.com/2019/01/27/save-run-results-with-simple-data-writer-in-apache-jmeter

2. Increase Java Heap Size Limit

We’re going to change the amount of memory reserved to JMeter by default to a larger size which allow JMeter to generate more users but you cannot set the memory size to be > 80% of your total system memory

Here is the default value in APache JMeter 5 , the default value is 256m

Screen Shot 2019-02-17 at 12.28.56 PM

You can set a new value which is not larger than 80% of your system memory , JMeter will not lunch if you set a memory which is much higher than possible.

*You can change the heap size value when you edit  jmeter.bat file and search for “set HEAP” in notepad or any other editor.

3. Use x64 JDK and Windows

With x64 Windows and JDK you can consume more memory and have a better memory management that will help you generate more users than before.

*With all the above tricks your machine specs cannot exceed a certain boundary related to your hardware , and unfortunately we cannot calculate precisely how much a machine with a specific specs can generate and also it is differ from test to test.But these tricks help you get the max out of your machine before thinking to add a new machine to generate more or move to the cloud.

Stop JMeter test run when reaching a specific number of requests

You want to execute a JMeter performance test but you don’t want to exceed a specific number of requests , is it possible?

Yes it is 🙂

What if we can get the value of the current iteration and make a condition to stop the test when reaching a specific values. This can be done as the following

Create a basic JMeter test plan with the essential samplers and listeners

Test plan will have the following :

  1. Thread Group
  2. Http Sampler
  3. If controller
  4. Test Action Sampler
  5. Summary Report Listener

Thread Group run settings will be as the following :

Thread group settings is just an example you can use what is suitable to your test

We will put If controller and a test action as a child for it in the beginning of the test just under the Thread Group.

Everytime you call ${__counter(,)} you got the current iteration number.
in the above example we need to set a maximum of 300 requests (iterations).

“${__counter(,)}” >= 301

So why i put the condition operator to be >=301 because in case of concurrency it will be easier to check for number of iteration after you already finished your 300 iterations , give it a try if you put 300 the test will be stopped at the iteration number 299.

Test Action will be a child to the IF Controller

When the condition is true the Test Action will stop the test.

Then you have to add http request , in the example we used “https://en.wikipedia.org/wiki/Main_Page”

At the end add summary report to check the number of request and run the test

Summary

With IF Controller and Test Action you can limit your test execution maximum number of requests While you executing a duration based test with multiple threads.

Visual Studio – Web test Custom Plugins & Extraction Rules

What is web test plug-in ?

The Web performance test plug-in is run one time for every test iteration. In addition, if you override the PreRequest or PostRequest methods in the test plug-in, those request plug-ins will run before or after each request, respectively.

What is Extraction Rule ?

Extraction rules are similar to validation rules, but instead of just verifying data, they will extract the data and store the result in the Web test context.

The idea behind writing custom libraries

The idea is to extend the visual studio web test capability to suit your test conditions and requirements.

Functionalities not exist out of the box

1.Loops using parameter in the terminating value.

2.Get the number of occurrences from the context.

3.Using parameters in the extraction rule index.

Custom Plugins & Extraction Rules examples

Custom Plugins  
Loop Context Plugin  

Custom Extraction Rules  
GetTheNumberOfOccurrences  
RegExpExtractorWithContextIndex

Loop Context Plugin


ConditionRuleContextParameter : the parameter name of the web test loop.  ContextParameterTerminatingValue : the parameter name that holds the terminating value.

Get The Number Of Occurrences

Context Parameter Name : Parameter name which will hold the number of occurrences value.
MyRegularExpression : Regex (pattern) that you want to get its number of occurrences.

Reg ExpExtractor With Context Index

Context Parameter Name : Parameter name which will hold the extracted value.
MyIndex : Parameter name which hold the index value. MyRegularExpression : Regex (pattern) that will be extracted from context.

Code snippets

References

https://msdn.microsoft.com/enus/library/ms243191.aspx
https://msdn.microsoft.com/en-us/library/ms243179.aspx

Save Run results with “Simple Data Writer” in Apache JMeter

One of the things that any new person who is dealing with JMeter is facing that if you save a jmx project which is executed before the run results is not saved.

So if you didn’t know this you may lose your run results and you have to repeat again.

One of the best ways to save your run data is using “Simple Data Writer” it not only make you able to save your run data but also enable you to use the data file on any listner or graph you want or need.

Data Files

CSV is one of the file extensions you can use to save your run results as the following example.

savedatatable

In the above example the results table will be saved to a .CSV file which is good in case you want only the data shown in the table but if you want more the Simple data writter will be a better option.

What are JTL files?

JMeter can create text files containing the results of a test run.

These are normally called JTL files, as that is the default extension – but any extension can be used.

Simple Data Writer

simpledatawritter

 You can configure the results save configuration the more you save the more listners you can use.

simpledatawritterconf

I used to select them all , sometimes this leads to larger size data file but this is safer to use in different graphs and listners as i will show you later.

Lets add simple data writter to thread group and disable all the other listners and execute test as the following.

simpledatawritterwithfile

datafile

After the run is finished i’m going to open the jtl file in the following listners :

  • View Results Tree
  • Summary Report
  • Active Threads over time graph
  • Hits per second graph

viewresultsjtl

summaryreportjtl

activethreadsjtl

As shown above the results data saved using Simple Data Writer can be used in any of the default JMeter listners and also extra listners which can be added to JMeter in the feature , .JTL extension is the default saving extensions which can be re-saved to CSV file if needed , see the following Wiki Page

https://wiki.apache.org/jmeter/JtlFiles

 

 

WordPress Security testing using WP-Scan

Do not use the following instructions to exploit others websites / services , Usage of WP-Scan for attacking targets without prior mutual consent is illegal.

WordPress now powers 30 percent of the web, according to data from web technology survey firm W3Techs.

WordPress is important framework and as the aove statistics it is widely used thats why securing a web site based on WordPress framework is something obvious.

What is WP-Scan ?

WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites.

Installation

You can install it via Docker with the following commands :

docker pull wpscanteam/wpscan

Scan WordPress Site

Default Scan

docker run -it –rm wpscanteam/wpscan –url Website URL

screen shot 2019-01-12 at 1.16.09 pm

screen shot 2019-01-12 at 1.18.17 pm

Using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings.

Only Display Vulnerable Plugins

docker run -it –rm wpscanteam/wpscan –url Site URL –enumerate vp

screen shot 2019-01-12 at 1.28.00 pm

screen shot 2019-01-12 at 1.29.27 pm

Enumerate User Name

docker run -it –rm wpscanteam/wpscan –url Site URL –enumerate

screen shot 2019-01-12 at 1.33.51 pm

screen shot 2019-01-12 at 1.34.41 pm

Useful Links

WPScan Vulnerability Database

https://wpvulndb.com/

WPScan on GitHub

https://github.com/wpscanteam/wpscan