XSS Cheet Sheet
XSS (Cross Site Scripting) Cheat Sheet 给出很多示例代码用于 XSS 攻击测试,而且标识出所支持的浏览器(版本)。用这里边的代码做了一些测试,效果相当好 
Comments (1)
A Practitioner’s Approach to Performance Testing
A Practitioner's Approach to Performance Testing
The application is horribly slow.", "I don't get the response even after I get my coffee.", "This application is useless". Sounds familiar? How many times have we heard these quotes or or felt like that ourselves? The common thread between these statements is that the performance of the application is not good.
Performance - the (in)famous buzzword. What is it? What does it mean? In this article, we'll touch upon what is involved in testing an application for performance.
With every passing day, organizations are becoming more and more conscious about the performance of their Enterprise Solutions. As the IT industry matures and the technology evolves, so does the awareness about expectations from an Enterprise Application.
Focusing just on the design / implementation and Zero-functional-defect solutions are things of the past. With increasing maturity in technology and IT staff, the 'Non-functional' aspects of the system are fast becoming focus-areas.
So what exactly are the non-functional aspects and/or requirements?
Non-functional requirements (NFRs) tell the IT team, about the kinds of usage and load the application will be subjected to, and the expected response time. We'll go into the details of this "response time" shortly.
NFRs define the Service Level Agreements (SLAs) for the system and hence the overall Performance of the Enterprise Application. Besides performance SLAs, NFRs also cover several other aspects, such as security, but for this article we are concerned with performance related objectives only.
Managing and ensuring the NFRs (SLAs) for an Enterprise Application is called Performance Engineering. Performance engineering is a vast discipline in itself which includes Performance Modeling, Performance Prototyping, Performance Testing, different types of analyses, Performance Tuning, etc. This article will not explain Performance Engineering, Queuing Theory and the science behind the various laws. This article just covers the basics about the Performance Engineering and key activities in Performance Testing. [....]
PHPUnit 支持的 group 测试
via TestNG-style Grouping of Tests
从 PHPUnit 3.2 开始,支持像 TestNG 那样的 group 测试了,使用非常简单,只需要加上 @group 即可。
<?php
class TestTest extends PHPUnit_Framework_TestCase
{
/**
* @group a
*/
public function testOne()
{
}
/**
* @group a
* @group b
*/
public function testTwo()
{
}
}
?>
使用 –group 选项运行 group 测试:
# phpunit --group a TestTest
PHPUnit 3.2.0-dev by Sebastian Bergmann.
..
Time: 0 seconds
OK (2 tests)
# phpunit --group b TestTest
PHPUnit 3.2.0-dev by Sebastian Bergmann.
.
Time: 0 seconds
OK (1 test)
Virtual Ant
Virtual Ant 是可视化的 Ant,你可以直接在窗口中录制测试过程,创建 target,运行测试,基本就是点点鼠标的操作,很酷呀。此外它还可以整合到你喜欢的 IDE 中,如 Eclipse、Intellij Idea 和 Netbeans 等。唯一遗憾的是目前还不是开源的,也不是完全免费的。可以看一下官方提供的 demo 视频。
使用 PHPUnit 3.1 进行发布测试
Sebastian Bergmann 前几天写了“Distributed Testing with PHPUnit 3.1”,谈到了即将发布的 PHPUnit 3.1 的一个新特性就是支持发布测试,实际上是把测试结果和代码覆盖数据记录到数据库中。使用此方法,可以把不同平台上的测试结果集中保存到数据库中。但同时,需要一个唯一标识字段,比较不错的选择是使用 subversion 的 revision 版本号作为这个关键字。
下边是示例脚本:
#! /bin/sh
CHECKOUT="$1"
REVISION="$2"
INFO="$3"
cd "${CHECKOUT}"
svn up -r "${REVISION}"
cd "${CHECKOUT}/Tests"
phpunit --log-pdo-dsn mysql://user:pass@host/database --log-pdo-rev "${REVISION}" --log-pdo-info "${INFO}" AllTests.php
