In the past few years, deployment of applications in the cloud has become an industry standard. Meher Nori believes that it is very important for QA/testing organizations to understand the impact the cloud may have on them and prepare accordingly. The impact primarily involves a change in the testing strategy, and two items become very important. (1) Security testing and elasticity/scalability testing—new types of tests which previously were not so important—need to be created and executed once an application is hosted in the cloud. (2) Some traditional tests—availability testing and interoperability testing—gain additional prominence when an application is deployed in the cloud. Organizations must understand and prepare for these changes in test strategy. Join Meher and take back the Cloud Testing Readiness Table you can use to assess your ability to test cloud-based applications successfully. This table lists the additional tests that are new and those tests that gain prominence as you build a testing strategy for the cloud.
1.
T22
Cloud
Testing
10/5/17
15:00
Get
Ready
for
Cloud
Testing
Presented
by:
Meher
Nori
Broadridge
Financial
Solutions
Brought
to
you
by:
350
Corporate
Way,
Suite
400,
Orange
Park,
FL
32073
888-‐-‐-‐268-‐-‐-‐8770
·∙·∙
904-‐-‐-‐278-‐-‐-‐0524
-‐
info@techwell.com
-‐
http://www.starwest.techwell.com/
2. Meher
Nori
Broadridge
Financial
Solutions
For
the
past
three
years,
Meher
Nori
has
been
global
head
for
quality
assurance
at
Broadridge
Financial
Solutions.
He
has
introduced
methods
to
measure
quality
using
metrics
and
has
coauthored
three
publications/presentations
in
the
areas
of
performance
testing,
Big
Data
testing,
and
mobile
testing.
Previously,
Meher
worked
in
strategy,
program
management,
and
account
management
functions
in
India,
the
United
States,
and
the
UK.
He
currently
leads
a
global
team,
based
in
Hyderabad,
India.
In
2012,
Meher
was
named
IT
Professional
of
the
Year
by
the
Hyderabad
Management
Association.
3. 1
Get
Ready
for
Cloud
Tes2ng
Meherphani
Nori
and
Deepthi
Dharanipragada
Content
10/05/2017
2
Cloud
Compu2ng
Benefits
of
adop2ng
Cloud
What
changes
when
an
applica2on
moves
to
cloud
What
should
change
in
tes2ng
an
applica2on
on
cloud
Mul2-‐Tenancy
Tes2ng
Availability
Tes2ng
Business
con2nuity
and
DR
tes2ng
Compa2bility
tes2ng
Interoperability
tes2ng
Performance
tes2ng
Security
Tes2ng
Elas2city/Scalability
tes2ng
Tradi&onal
tests
of
importance
Cloud
Tes2ng
Readiness
Matrix
4. 2
10/05/2017
3
Cloud
Compu2ng
Cloud
compu2ng
is
defined
by
the
US
Na2onal
Ins2tute
of
Standards
and
Technology
(NIST)
as
“
a
model
for
enabling
ubiquitous,
convenient,
on-‐demand
network
access
to
a
shared
pool
of
configurable
compu2ng
resources
(e.g.,
networks,
servers,
storage,
applica2ons
and
services)
that
can
be
rapidly
provisioned
and
released
with
minimal
management
effort
or
service
provider
interac2on”.
On-‐demand
self-‐service
Broad
network
access
Resource
pooling
Rapid
Elas2city
Measured
service
10/05/2017
4
Cloud
based
service
models
Infrastructure
(as
a
Service)
Applica2ons
Security
Databases
Opera2ng
System
Virtualiza2on
Servers
Storage
Networking
Data
Centers
Pla^orm
(as
a
Service)
Applica2ons
Security
Databases
Opera2ng
System
Virtualiza2on
Servers
Storage
Networking
Data
Centers
So_ware
(as
a
Service)
Applica2ons
Security
Databases
Opera2ng
System
Virtualiza2on
Servers
Storage
Networking
Data
Centers
You
Manage
Others
Manage
5. 3
10/05/2017
5
Deployment
models
Private
Cloud
On
or
off
premise
For
a
single
organiza2on
Managed
by
Organiza2on/
third
party
Public
Cloud
Off
premise
For
general
users
Managed
by
Provider
Community
Cloud
On
or
off
premise
For
specific
community
of
consumers
Managed
by
one/mul2ple
organiza2ons
Hybrid
Cloud
On
or
off
premise
Determined
by
each
cloud
Amalgama2on
of
two
or
more
clouds
• Reduce
Capital
Costs
• Scalability
• Quicker
2me
to
market
• Increased
agility
• Reduce
data
center
maintenance
costs
10/05/2017
6
Benefits
of
adop2ng
Cloud
6. 4
10/05/2017
7
What
changes
when
an
applica2on
moves
to
Cloud
• Cloud
environment
is
extremely
complex.
Large
afack
surface
owing
to
many
components
in
the
cloud
• Shared
mul2-‐tenant
environment
–
Infra
is
shared
with
unknown
par2es
need
logical
separa2on
• Auto
Scaling
will
provision
more
resources
to
handle
increased
demand.
The
result
is
high
performance,
regardless
of
the
user
demand.
• Auto
scaling
manages
the
launch
and
termina2on
of
VMs
on
your
behalf
10/05/2017
8
What
changes
when
an
applica2on
moves
to
Cloud
• ASP
Model
typically
involved
delivering
applica2on
services
using
separate
single
tenant
or
client
instances
• Cloud
uses
resource
pooling,
to
serve
mul2ple
customers
using
a
mul2-‐tenant
model,
with
different
physical
and
virtual
resources
dynamically
assigned
and
reassigned
according
to
customer
demand.
7. 5
10/05/2017
9
What
should
change
in
tes2ng
an
applica2on
on
Cloud
• Security
Tes2ng
• Elas2city/Scalability
• Tradi2onal
tests
that
gain
prominence
Ø Mul2-‐Tenancy
tes2ng
Ø Availability
Tes2ng
Ø Business
con2nuity
and
DR
tes2ng
Ø Compa2bility
Tes2ng
Ø
Interoperability
tes2ng
Ø Performance
tes2ng
10/05/2017
10
What
should
change
in
tes2ng
an
applica2on
on
Cloud
Cloud
Security
Elas2city/
Scalability
Mul2-‐Tenancy
Availability
Business
Con2nuity/
DR
Compa2bility
and
Interoperable
Performance
On-‐Premise
Smoke
Tes2n
g
Func2onal
Tes2ng
Regression
Tes2ng
Performance
Tes2ng
Integra2on
Tes2ng
Addi2onal
Tes2ng
Types
Tradi2onal
Tes2ng
Types
8. 6
10/05/2017
11
Security
Tes2ng
Vulnerability
detec2on
and
remedia2on
• SAST
(Sta2c
Applica2on
Security
Test)
– Much
before
deployment
– A
comprehensive
Developer
report
has
to
be
generated
a_er
verifying
code
security
controls
by
providing
recommenda2ons
and
secure
coding
techniques.
• DAST
(Dynamic
Applica2on
Security
Test)
– A_er
development
but
before
deployment
• IAST
(Interac2ve
Applica2on
Security
Test)
– Typically
a_er
deployment
10/05/2017
12
Security
Tes2ng
…
Security
Tests
• Cross-‐site
Scrip2ng
(XSS)
• Content
Spoofing
• Improper
Excep2on
handling
• SQL
inges2on
• Concurrent
login
• Insecure
Administra2ve
Func2onality
• Insufficient
authoriza2on
• Improper
Frame
bus2ng
code
• Insecure
Direct
object
reference
Penetra2on
Tes2ng
–
Perform
Penetra2on
tes2ng
to
avoid
DDOS
afacks
in
partnership
with
CSP
9. 7
10/05/2017
13
Elas2city/Scalability
and
Mul2-‐Tenancy
tes2ng
Horizontal
&
Ver2cal
Scalability
Tes2ng
–
Cloud
comes
with
an
auto
scalability
op2on
• Failure
containment
tes2ng:
Failure
of
one
tenant
does
not
cascade
to
other
tenants
• API
tes2ng
in
Mul2
tenancy
environment:
API
tests
under
mul2
tenancy
opera2on
to
ensure
that
tenants
are
isolated
from
each
other
through
APIs
• Mul2
Tenancy
Performance
tes2ng:
Load
tests
under
mul2-‐tenancy
opera2on
to
ensure
the
SLA’s
are
met
10/05/2017
14
Tradi2onal
Tests
that
become
important
• Mul2
Tenancy
Test
• Availability
tes2ng
• Business
con2nuity
and
DR
tes2ng
• Compa2bility
Tes2ng
• Interoperability
Tes2ng
• Performance
Tes2ng
10. 8
10/05/2017
15
Cloud
Tes2ng
Readiness
Matrix
Category
Tes&ng
Type
Cloud
Tes&ng
Readiness
Ques&on
Yes/
No
Security
Tes&ng
Vulnerability
detec2on
Do
we
have
the
exper2se
to
detect
vulnerabili2es
so
that
they
can
be
remedied?
Yes
Security
Tests
Do
we
have
the
exper2se
to
carry
out
security
tes2ng?
(SQL
inges2on,
cross
site
scrip2ng
etc.)
No
Penetra2on
tes2ng
Do
we
have
exper2se
&
tools
to
perform
Penetra2on
tes2ng
to
avoid
DDOS
afacks
(if
the
CSP
-‐
Cloud
Service
Provider
allows
this
tes2ng).
No
Elas&city/
Scalability
Tes&ng
Horizontal
&
Ver2cal
Scalability
tes2ng
Do
we
have
the
exper2se
&
tools
to
perform
Scalability
tes2ng
as
cloud
comes
with
auto
scalability
op2on?
No
10/05/2017
16
Cloud
Tes2ng
Readiness
Matrix
Category
Tes&ng
Type
Cloud
Tes&ng
Readiness
Ques&on
Yes/
No
Tradi&onal
Tes&ng
Mul&-‐
Tenancy
Tes&ng
Failure
containment
tes2ng
Do
we
have
exper2se
to
test
for
Failure
containment
under
mul2-‐tenancy
condi2ons
in
order
to
ensure
that
the
failure
of
one
tenant
does
not
cascade
to
other
tenant
instances?
Yes
API
Tes2ng
in
Mul2
tenancy
environment
Do
we
have
the
exper2se
to
perform
API
tests
under
mul2
tenancy
opera2on
to
ensure
that
tenants
are
isolated
from
each
other
through
the
API's?
NA
Mul2
Tenancy
Performance
tes2ng
Do
we
have
the
exper2se
to
perform
Load
tests
under
mul2
tenancy
opera2on
to
ensure
the
SLA's
are
met?
Yes
11. 9
10/05/2017
17
Cloud
Tes2ng
Readiness
Matrix
Category
Tes&ng
Type
Cloud
Tes&ng
Readiness
Ques&on
Yes/
No
Tradi&onal
Tes&ng
Availability
tes2ng
Do
we
have
the
exper2se
to
measure
applica2on
availability?
Yes
Business
Con2nuity
and
Disaster
Recovery
tes2ng
Do
we
have
the
Business
Con2nuity
and
Disaster
Recovery
tes2ng
plan
of
the
applica2on
(before
migra2ng
to
cloud)
which
can
be
updated
to
handle
the
same
applica2on
a_er
it
is
hosted
on
Cloud?
Yes
Compa2bility
tes2ng
Do
we
have
the
Compa2bility
test
cases
of
the
web
applica2on
before
migra2ng
to
cloud
which
can
be
extended
to
the
same
applica2on
a_er
it
is
hosted
on
cloud?
Yes
Interoperability
tes2ng
Do
we
have
the
exper2se
to
test
for
Interoperability
to
ensure
that
a
new
applica2on
will
work
seamlessly
when
it
will
be
moved
from
on
premise
to
cloud
infrastructure?
No
Performance
Tes2ng
Can
we
have
a
Test
environment
created
that
is
similar
to
Produc2on
environment
and
perform
Load
and
Stress
tes2ng
leveraging
the
scenarios
we
have
before
migra2ng
to
cloud
and
ensure
all
SLA’s
are
met?
Yes
10/05/2017
18
Cloud
Tes2ng
Readiness
Matrix
Category
Tes&ng
Type
Cloud
Tes&ng
Readiness
Ques&on
Yes/No
Security
Tes&ng
Vulnerability
detec2on
Do
we
have
the
exper2se
to
detect
vulnerabili2es
so
that
they
can
be
remedied?
Yes
Security
Tests
Do
we
have
the
exper2se
to
carry
out
security
tes2ng?
(SQL
inges2on,
cross
site
scrip2ng
etc.)
No
Penetra2on
tes2ng
Do
we
have
exper2se
&
tools
to
perform
Penetra2on
tes2ng
to
avoid
DDOS
afacks
(if
the
CSP
-‐
Cloud
Service
Provider
allows
this
tes2ng)
No
Elas&city/
Scalability
Tes&ng
Horizontal
&
Ver2cal
Scalability
tes2ng
Do
we
have
the
exper2se
&
tools
to
perform
Scalability
tes2ng
as
cloud
comes
with
auto
scalability
op2on?
No
Tradi&onal
Tes&ng
Mul&-‐
Tenancy
Tes&ng
Failure
containment
tes2ng
Do
we
have
exper2se
to
test
for
Failure
containment
under
mul2-‐tenancy
condi2ons
in
order
to
ensure
that
the
failure
of
one
tenant
does
not
cascade
to
other
tenant
instances?
Yes
API
Tes2ng
in
Mul2
tenancy
environment
Do
we
have
the
exper2se
to
perform
API
tests
under
mul2
tenancy
opera2on
to
ensure
that
tenants
are
isolated
from
each
other
through
the
API's?
NA
Mul2
Tenancy
Performance
tes2ng
Do
we
have
the
exper2se
to
perform
Load
tests
under
mul2
tenancy
opera2on
to
ensure
the
SLA's
are
met?
Yes
Availability
tes2ng
Do
we
have
the
exper2se
to
measure
applica2on
availability?
Yes
Business
Con2nuity
and
Disaster
Recovery
tes2ng
Do
we
have
the
Business
Con2nuity
and
Disaster
Recovery
tes2ng
plan
of
the
applica2on
(before
migra2ng
to
cloud)
which
can
be
updated
to
handle
the
same
applica2on
a_er
it
is
hosted
on
Cloud?
Yes
Compa2bility
tes2ng
Do
we
have
the
Compa2bility
test
cases
of
the
web
applica2on
before
migra2ng
to
cloud
which
can
be
extended
to
the
same
applica2on
a_er
it
is
hosted
on
cloud?
Yes
Interoperability
tes2ng
Do
we
have
the
exper2se
to
test
for
Interoperability
to
ensure
that
a
new
applica2on
will
work
seamlessly
when
it
will
be
moved
from
on
premise
to
cloud
infrastructure?
No
Performance
Tes2ng
Can
we
have
a
Test
environment
created
that
is
similar
to
Produc2on
environment
and
perform
Load
and
Stress
tes2ng
leveraging
the
scenarios
we
have
before
migra2ng
to
cloud
and
ensure
all
SLA’s
are
met?
Yes
Cloud
Tes&ng
Readiness
Percentage
63.64%