This document discusses testing frameworks on AWS cloud. It covers load testing using custom scripts to simulate thousands of users, vulnerability testing using the BlazeClan VAS tool, availability testing using Chaos Monkey to randomly terminate instances, and the features of the BlazeClan solution including pre-built scripts, quick start options, and reporting and analytics capabilities. The solution aims to help customers test applications on AWS cloud faster and more efficiently.
2. Blazeclan
Cloud Testing: Why it Matters
CloudIT Better2
Source : Aberdeen Research
Poor Application
Performance
=
Loss of Revenue
60% organizations loss
9% of revenue due to Poor
Application
4. Blazeclan
Load Testing – Custom Load Testing Script
CloudIT Better4
- Increased User
Load
- Increased
Transactions
- Increased database
volume
Condition for an
application to Scale
Up or Scale out
Custom load testing
scripts, deployed on a
slave-master
architecture that
emulate thousands of
virtual users
performing real-life
transactions on a
system emulating
production traffic.
-Create test scripts
-Launch EC2
Machines
-Configure test
-Execute using
Jmeter
-Download Test
results
Testing on AWS CloudLoad Testing Testing Scripts
5. Blazeclan CloudIT Better5
Controller
Master
SlavesSlaves Slaves
Virtual
Users
Virtual
Users
Virtual
Users
Web App
Server
Security Group
EC2 Instance
Security Group
EC2 Instance
Security Group
EC2 Instance
Security Group
EC2 Instance
Auto scaling Group
Web App
Server
Web App
Server
Web App
Server
Availability Zone #
Region
Load
testing
scripts
RequestsE L B
Instance starts if threshold meets
Default Instances
for load serving
Add
Auto Scaling
Load Testing – On AWS
6. Blazeclan
Load Testing on AWS – What it Includes
CloudIT Better6
Real-Time Analytics
Test Cloud
Rapid
Powerful
reporting
Dynamic
Create your
test Scenario
Accurate
and easy
to
simulate
load
Build,
execute, &
analyze
performance
7. Blazeclan
Vulnerability Assessment Testing – BlazeClan VAS
CloudIT Better7
Vulnerability testing
- identify the security holes.
- vulnerabilities in the application.
- forecasts the potential hazards.
Blazeclan VAS
Vulnerability
Assessment tool
Browser based
tool
Built on top of
Open VAS
Image courtesy :
http://dgdsbygo8mp3h.cloudfront.net/sites/default/files/Article-
Images/cissp-article4-image01.png
The scanner very
Efficiently executes
the actual Network
Vulnerability Tests
(NVTs) on the target.
8. Blazeclan CloudIT Better8
OpenVAS
Scanner
Amazon
Route 53
Elastic
Load
Balancer
Region
EC2 Instances
Auto scaling Group
Availability Zone #
Security Group
Web App
Server
OpenVAS
Manager
NVT’s
BlazeClan
VAS
Browser based
client
SCANTARGETS
Internet
NVT Feeds
BlazeClan VAS – Architectural Diagram
9. Blazeclan
Vulnerability (Security) Testing – What it Includes
CloudIT Better9
• Discovery
• Vulnerability Scan
• Vulnerability Assessment
• Security Assessment
• Penetration Test
• Security Audit
• Configuration of the application or the server
• Services running on the server
• Existing user or customer data hosted by the application
• Spoofing
• URL manipulation
• SQL injection
• XSS (Cross Site Scripting)
10. Blazeclan
Availability Testing - Chaos Monkey
CloudIT Better10
Chaos Monkey,
“randomly disables
production instances to
make sure it can survive
common types of failure
without any customer
impact”
Availability testing
means:
Run application for
a period of time
Collect failures
Compare the
percentage of
availability.
EC2 EC2 EC2 EC2
Auto scaling Group
Auto Scaling group launches new instances
as and when threshold condition meets.
- Identify the
failure events
- Repair time
- Recovery from
failures
Availability testing
11. Blazeclan
Checking for availability by killing instances
CloudIT Better11
Web App
Server
CHAOS
MONKEY
Amazon
Route 53
www.example.co
m
Elastic
Load
Balancer
Region
Availability Zone #1 Availability Zone #2 Availability Zone #4Availability Zone #3
Security Group
EC2 Instance
Security Group
EC2 Instance
Security Group
EC2 Instance
Security Group
EC2 Instance
Web App
Server
Web App
Server
Web App
Server
Auto scaling Group
Instance starts if threshold meets
Chaos monkey
attacking
instances
randomly
Chaos monkey
attacking instances
randomly
1
2
3
5
6
7
Web App
Server
Web App
Server
Web App
Server3 3 3
4
5
6
7
12. Blazeclan
How Chaos Monkey Works
CloudIT Better12
Web App
Server
Security Group
EC2 Instance
Security Group
EC2 Instance
Security Group
EC2 Instance
Security Group
EC2 Instance
Web App
Server
Web App
Server
Web App
Server
Auto scaling Group
Monitoring
Server
Activities
Conditions on meeting
threshold
Add a
Resource
Remove a
Resource
Attacking a
Resource
Randomly
Attacking a
Resource
Randomly
Chaos Monkey
Reporting
server
activities
Launch
new Server
Chaos Monkey
13. Blazeclan
Availability Test - What it Includes
CloudIT Better13
The availability
testing is
performed to
remove single
point of failures
Test the Change
Control Process
Test
Catastrophic
Failure
Test the
Failover
Technologies
Mean
Time To
Recover
Test the
Monitoring
Technology
Test the Help
Desk
Procedures
Test for
Resource
Conflicts
Mean Time
Between
Failure
Mean
Logistics
Delay
Time
14. Blazeclan
Solution Features
CloudIT Better14
Pre-Build
Scripts Quick Start
Reports and
Analytics
Repository of pre-
build test scripts of
load and
performance testing.
Running
application and
Pre-baked AMI
in the cloud.
Graphical reports
and detailed
Analytics