Analysis and Strategy for the Performance Testing in Cloud Computing

The aim of this study is the analysis and presentation of some ideas on performance testing in Cloud Computing. Performance is an important factor in testing a web application. Performance testing in cloud computing is different from that of traditional applications. Our research methodology in this article includes an overview of existing works on testing performance in Cloud Computing, focusing on discussion that the traditional benchmarks are not sufficient to analyze performance testing in Cloud Computing. In this study we are focused mainly on analysis performance metrics in Cloud Computing, based on their characteristics such as elasticity, scalability, pay-per-use and fault tolerance, and then we discuss why needed new strategies for performance testing in Cloud Computing and creation of new benchmarks. From this study we conclude that the performance testing and evaluation should be performed using new models testing, which are created according to Cloud Computing characteristics and metrics

Performance Evaluation of Serverless Applications and Infrastructures

Context. Cloud computing has become the de facto standard for deploying modern web-based software systems, which makes its performance crucial to the efficient functioning of many applications. However, the unabated growth of established cloud services, such as Infrastructure-as-a-Service (IaaS), and the emergence of new serverless services, such as Function-as-a-Service (FaaS), has led to an unprecedented diversity of cloud services with different performance characteristics. Measuring these characteristics is difficult in dynamic cloud environments due to performance variability in large-scale distributed systems with limited observability.Objective. This thesis aims to enable reproducible performance evaluation of serverless applications and their underlying cloud infrastructure.Method. A combination of literature review and empirical research established a consolidated view on serverless applications and their performance. New solutions were developed through engineering research and used to conduct performance benchmarking field experiments in cloud environments.Findings. The review of 112 FaaS performance studies from academic and industrial sources found a strong focus on a single cloud platform using artificial micro-benchmarks and discovered that most studies do not follow reproducibility principles on cloud experimentation. Characterizing 89 serverless applications revealed that they are most commonly used for short-running tasks with low data volume and bursty workloads. A novel trace-based serverless application benchmark shows that external service calls often dominate the median end-to-end latency and cause long tail latency. The latency breakdown analysis further identifies performance challenges of serverless applications, such as long delays through asynchronous function triggers, substantial runtime initialization for coldstarts, increased performance variability under bursty workloads, and heavily provider-dependent performance characteristics. The evaluation of different cloud benchmarking methodologies has shown that only selected micro-benchmarks are suitable for estimating application performance, performance variability depends on the resource type, and batch testing on the same instance with repetitions should be used for reliable performance testing.Conclusions. The insights of this thesis can guide practitioners in building performance-optimized serverless applications and researchers in reproducibly evaluating cloud performance using suitable execution methodologies and different benchmark types

СУЧАСНІ ІНСТРУМЕНТИ ТЕСТУВАННЯ БЕЗПЕКИ OWASP

With the development of information technology, humanity is increasingly delving into the world of gadgets, cloud technology, virtual reality, and artificial intelligence. Through web applications, we receive and distribute information, including confidential. During the pandemic, most people switched to online work and study. As a result, most of the data stored on personal computers, company servers, and cloud storage needs protection from cyberattacks. The problem of cybersecurity at the moment is incredibly relevant due to the hacking of cryptocurrencies, websites of ministries, bitcoin wallets or social network accounts. It is necessary to conduct high-quality testing of developed applications to detect cyber threats, to ensure reliable protection of different information. The article states that when testing applications, it checks for vulnerabilities that could arise as a result of incorrect system setup or due to shortcomings in software products. The use of innovation is necessary to improve quality. Modern realities have become a challenge for the development of cybersecurity products. Improvement of technology requires modern companies to update their IT systems and conduct regular security audits. The research is devoted to the analysis of modern OWASP testing tools that contribute to data security, with a view to their further use. The Open Web Application Security Project is an open security project. The research revealed a list of the most dangerous vectors of attacks on Web-applications, in particular, OWASP ZAP performs analyzes the sent and received data system security scanning at the primary level, MSTG performs security testing of mobile applications iOS and Android mobile devices. The practical result of the work is to test a specially developed web-application and identify vulnerabilities of different levels of criticality.Анотація. Із розвитком інформаційних технологій людство все більше заглиблюється у світ гаджетів, хма-рних технологій, віртуальної реальності і штучного інтелекту. Через web-додатки отримуємо і поширюємо інформацію, в тому числі і конфіденційну. Під час пандемії велика частина людей перейшла в онлайн режим роботи і навчання. В результаті, більшість даних, які зберігаються на персональних комп’ютерах, серверах компаній, хмарних сховищах, потребують захисту від кібератак. Проблема кібербезпеки на цей час неймовірно актуальна через зламування криптобірж, сайтів міністерств, біткоїн-гаманців чи акаунтів соцмереж. Для забезпечення надійного захисту різної інформації потрібно проводити якісне тестування розроблених додатків на виявлення кі-берзагроз. В статті зазначено, що при тестуванні додатків виконується перевірка на вразливості, які могли б виникнути в результаті неправильного налаштування системи або через недоліки програмних продуктів. Важливим є питання використання інновацій для покращення якості, зокрема сучасні реалії стали викликом для розвитку продуктів забезпечення кібербезпеки. Розвиток технологій вимагає від сучасних компаній оновлення своїх ІТ систем і проведення регулярних перевірок безпеки. Дослідження в роботі присвячене аналізу сучасних інструментів тестування OWASP, які сприяють забезпеченню безпеки даних, з метою їх подальшого використання. Open Web Application Security Project є відкритим проєктом забезпечення безпеки. При дослідженнях виявлено список найбільш небезпечних векторів атак на Web-додатки, зокрема OWASP ZAP здійснює сканування безпеки системи на базовому рівні шляхом аналізу надісланих та отриманих даних, а тестування безпеки мобільних додатків та мобільних пристроїв iOS та Android здійснюється за MSTG. Практичним результатом роботи є проведення тестування спеціально розробленого web-додатку і виявлення вразливостей різного рівня критичності

Cloud based testing of business applications and web services

This paper deals with testing of applications based on the principles of cloud computing. It is aimed to describe options of testing business software in clouds (cloud testing). It identifies the needs for cloud testing tools including multi-layer testing; service level agreement (SLA) based testing, large scale simulation, and on-demand test environment. In a cloud-based model, ICT services are distributed and accessed over networks such as intranet or internet, which offer large data centers deliver on demand, resources as a service, eliminating the need for investments in specific hardware, software, or on data center infrastructure. Businesses can apply those new technologies in the contest of intellectual capital management to lower the cost and increase competitiveness and also earnings. Based on comparison of the testing tools and techniques, the paper further investigates future trend of cloud based testing tools research and development. It is also important to say that this comparison and classification of testing tools describes a new area and it has not yet been done

Technical Report on Deploying a highly secured OpenStack Cloud Infrastructure using BradStack as a Case Study

Cloud computing has emerged as a popular paradigm and an attractive model for providing a reliable distributed computing model.it is increasing attracting huge attention both in academic research and industrial initiatives. Cloud deployments are paramount for institution and organizations of all scales. The availability of a flexible, free open source cloud platform designed with no propriety software and the ability of its integration with legacy systems and third-party applications are fundamental. Open stack is a free and opensource software released under the terms of Apache license with a fragmented and distributed architecture making it highly flexible. This project was initiated and aimed at designing a secured cloud infrastructure called BradStack, which is built on OpenStack in the Computing Laboratory at the University of Bradford. In this report, we present and discuss the steps required in deploying a secured BradStack Multi-node cloud infrastructure and conducting Penetration testing on OpenStack Services to validate the effectiveness of the security controls on the BradStack platform. This report serves as a practical guideline, focusing on security and practical infrastructure related issues. It also serves as a reference for institutions looking at the possibilities of implementing a secured cloud solution.Comment: 38 pages, 19 figures

Cloud WorkBench - Infrastructure-as-Code Based Cloud Benchmarking

To optimally deploy their applications, users of Infrastructure-as-a-Service clouds are required to evaluate the costs and performance of different combinations of cloud configurations to find out which combination provides the best service level for their specific application. Unfortunately, benchmarking cloud services is cumbersome and error-prone. In this paper, we propose an architecture and concrete implementation of a cloud benchmarking Web service, which fosters the definition of reusable and representative benchmarks. In distinction to existing work, our system is based on the notion of Infrastructure-as-Code, which is a state of the art concept to define IT infrastructure in a reproducible, well-defined, and testable way. We demonstrate our system based on an illustrative case study, in which we measure and compare the disk IO speeds of different instance and storage types in Amazon EC2