Performing Security Testing in a Cloud-Based Application
Security In The Cloud: So how do you test for security in the cloud? Many options are available in both the manual and automated tools you have used with web applications, but there are other options as well.
The tools listed here are discussed at SearchSecurity.com and are representative of the tools typically used for cloud testing.
SOASTA CloudTest: This suite can enable four types of testing on a single web platform: mobile functional and performance testing and web-based functional and performance testing.
It can simulate millions of geographically dispersed concurrent users visiting a website to test the application under huge loads.
LoadStorm: LoadStorm is a load-testing tool for web and mobile applications and is easy to use and cost effective. It is ideal for checking performance under excessive traffic or usage and is highly scalable; it can simulate as many virtual users as required to find the breaking point of a website or app. Various load-testing scenarios are available, which are also customizable.
BlazeMeter: BlazeMeter is used for end-to-end performance and load testing of mobile apps, websites, and APIs.
It is JMeter compatible and can simulate up to 1 million users. It facilitates realistic load tests and performance monitoring combined with real-time reporting.
Nexpose: Nexpose is a widely used vulnerability scanner that can detect vulnerabilities, misconfigurations, and missing patches in a range of devices, firewalls, virtualized systems, cloud infrastructure, and the like.
You can use it to detect threats such as viruses, malware, backdoors, and web services linking to malicious content. For sectors like healthcare and banking, it can also be used to perform compliance auditing.
It generates scan reports and remediation recommendations in flexible formats, including sending targeted emails.
AppThwack: AppThwack is a cloud-based simulator for testing Android, iOS, and web apps on actual devices.
It is compatible with popular automation platforms like Robotium, Calabash, UI Automation, and several others.
If you wish to test through clients other than the official site, there is a REST API that allows that. Other key features include multiplatform support, customizable testing, and detailed test reports.
Jenkins Dev@Cloud: Dev@Cloud facilitates development, continuous deployment, and integration on the cloud. It allows development in many languages and deployment to any number of services.
It provides a wide array of mobile tools for development and allows you to connect securely to existing systems via the cloud.
It brings in the benefits of third-party systems like Google App Engine, Cloud Foundry, and AWS Elastic Beanstalk.
Xamarin Test Cloud: Xamarin Test Cloud is a UI acceptance-testing tool for mobile apps. It allows writing tests in C# using the NUnit testing library through the UITest framework or in Ruby through the Calabash framework.
The tool runs the tests on over a thousand physical devices and displays full-resolution screenshots of each step, including relevant data like CPU and memory usage and test time. It can be integrated into automated builds for continuous integration.