I am a little step further at the moment, in general you can say negative testing is going beyond the borders of normal (load, stress, fail-over, UAT, etc.) testing. Some aspects of negative testing in my (just reached and incomplete) sense would now be:
- intercepting & faking post/get/http headers
- inserting SQL-statements into the application forms to corrupt databases / tables / etc
- creating queries exceeding max execution time or max number of results can be handled
- manually creating / inserting datasets which make the application collapse when being read again (by one of the above ways?)
- reverse engineering of java clients, writing your own client and using the original client's server connection to do bad things similar to the above mentioned (this case would maybe definetly go beyond the point we would call 'hacking')
- and also manipulating any kind of software (the JVM?) to reach one or more of the following effects
this all leads / should lead the application to stop / shut down / break in not a planned way, e.g. without being able to write logs or showing readable error messages to the user, stopping the server or doing other unattractive things like killing all sessions or throwing all users out.
I mainly concentrate on webapps, but also have to take a look at java-clients.
I do not cover destroying hardware (disks ...) or things like that.
Does anyone have more 'phantasies' on that?
Thanks for your posting(s) & your attention again,
Henning
++++ Egor Egorov wrote on 28.03.2003 09:53 ++++
On Thursday 27 March 2003 14:35, Henning Heil wrote:
Is the crash-me software what are you looking for?
Check these links: http://www.mysql.com/information/crash-me.php
http://www.mysql.com/doc/en/Custom_Benchmarks.html
From the latest link, a cite:
To avoid problems like this, you should put some effort into benchmarking your whole application under the worst possible load! You can use Super Smack for this, and it is available at: http://www.mysql.com/Downloads/super-smack/super-smack-1.0.tar.gz. As the name suggests, it can bring your system down to its knees if you ask it, so make sure to use it only on your development systems.
Try it.
Hi all together!
Meanwhile I found out that what I am looking for is best known as "negative testing", trying to break an application puckish, to make it fail more or less serious by going bejond the borders. I am really really in a hurry (and stuck at the moment) getting information on this topic (I wouldn't ask here if not).
Does anyone have web-links, pdf or other files and can provide those to me? Topics of interest might be a test strategy for "negative testing" or _even_more_ concrete samples of test cases! Most documents if found say that one can convert existing test cases to negative test cases BUT how?
Focused on databases "negative testing" could mean sth like submitting SQL-statements which cause destructive behaviour inserted into search forms or similar. Something similar would be to intercept post-string or modify http-headers. Any more ideas?
Any help will be welcome - thanks a lot!
Rgds,
Henning Heil
P.S.: This must not necessarily go over the list, PM will be fine. P.P.S.: If anyone is interested in I can provide the material I found so far
filters?
sql, query, mysql
-- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
