Category: By Example
-
[DAST] Dynamic Application Security Testing, Tools and examples
DAST stands for “Dynamic Application Security Testing”. It means analyzing a web application through the front end to find vulnerabilities through simulated attacks. This type of approach evaluates the application from the “outside in” by attacking an application like a malicious user would. In this kind of testing you can try attacks like SQL injection…
-
GraphQL Performance Testing With Apache JMeter
GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data. GraphQL provides a complete and understandable description of the data in your API, gives clients the power to ask for exactly what they need and nothing more, makes it easier to evolve APIs over time, and enables…
-
Mobile App Security Testing – Static Analysis Overview
Introduction: The mobile industry is booming like never before. This has produced many types of mobile devices and mobile operating systems. The mobile boom is not without its risks. Developers generally create applications from a “functionality first” perspective, with security as a low priority. This is an unfortunate reality. In fact, using mobile devices…
-
OWASP ZAP – add-ons that will enrich your discovery
In this article I will refer to a number of add-ons that I think may help enrich vulnerability discovery and also give a clear understanding of the system under test. First of all, what is OWASP ZAP? ZAP is a famous open source automated pen testing tool, created and maintained by the OWASP community.…
-
WordPress Security testing using WP-Scan
Do not use the following instructions to exploit websites. Usage of WP-Scan for attacking targets without prior mutual consent is illegal. WordPress now powers 30 percent of the web, according to data from web technology survey firm W3Techs. WordPress is an important framework and, as the above statistics show, it is widely used; that's why securing a web…
-
SQL Map
Do not use the following instructions to exploit others' websites or services. Usage of SQL Map for attacking targets without prior mutual consent is illegal. According to the Open Web Application Security Project (OWASP), injection attacks are first on the list of the top 10 web vulnerabilities. Diving into these, SQL injections are responsible for…