如何严格测试网站? [英] How to rigorously test a site?

问题描述

如何严格测试网站的安全性和速度?

How does one rigorously test a site for both security and speed?

有哪些方法和工具?

我们可以模仿成百上千的虚拟用户访问该站点以查看其负载处理情况吗?

Can we mimic hundreds of virtual users visiting the site to see its load handling?

推荐答案

如果这只是压力测试，请尝试

If this is just supposed to be a Stress Test, try http://freshmeat.net/projects/siege/

Siege是一种回归测试和基准测试实用程序.它可以使用用户定义数量的模拟用户对单个URL进行压力测试，也可以将许多URL读入内存并同时对它们进行压力测试.该程序报告记录的命中总数，传输的字节数，响应时间，并发性和返回状态. Siege支持HTTP/1.0和1.1协议，GET和POST指令，cookie，事务日志记录和基本身份验证.其功能可根据每个用户进行配置.

Siege is a regression test and benchmark utility. It can stress test a single URL with a user defined number of simulated users, or it can read many URLs into memory and stress them simultaneously. The program reports the total number of hits recorded, bytes transferred, response time, concurrency, and return status. Siege supports HTTP/1.0 and 1.1 protocols, GET and POST directives, cookies, transaction logging, and basic authentication. Its features are configurable on a per user basis.

或 http://httpd.apache.org/docs/1.3/程序/ab.html

ab是用于基准化Apache性能的工具 超文本传输​​协议(HTTP)服务器.它是通过 告诉您每秒有多少个请求 您的Apache安装可以使用.

ab is a tool for benchmarking the performance of your Apache HyperText Transfer Protocol (HTTP) server. It does this by giving you an indication of how many requests per second your Apache installation can serve.

要测试您的PHP代码，请使用 PHPUnit .要测试您的前端，请使用硒.

To test your PHP code, use PHPUnit. To test your frontend, use Selenium.

对于安全性测试，我强烈建议您购买一次审核，然后交给专门的专家进行审核.除了您的应用程序代码之外，还有太多可能的攻击媒介.

For security tests, I strongly suggest to buy an audit and leave that to dedicated experts. There is just too many possible attack vectors that go beyond your app code.

这篇关于如何严格测试网站?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！