I wrote own http server. Are there any free software, test packages or toolset to validate whether it complies fully or partially with HTTP 1.0 (rfc 1945). And moreover it'd great if this software could estimate http performance and check for potential security issues. The same is wanted from this software in respect of FTP compliance validation.
-
Noticed in replies to http://serverfault.com/questions/2107/tools-for-load-testing-http-servers someone has suggested OpenSTA. Is it capable for compliance testing? – pmod Jul 14 '10 at 17:51
6 Answers
You could use apachebench for the performance testing.
- 3,490
- 16
- 13
-
Right, it's a benchmarking tool, but I'm interested more in full coverage of HTTP server implementation. Thank you! – pmod Jul 14 '10 at 10:35
This is really a programming issue, but as you have a bounty on the question it will stay here, at least for now.
There are a lot of Firefox add-ons designed for testing and debugging, so have a search through those see what you think is suitable for you. For security issues there are a lot of different scripts around but I should warn you that of those I've tried the results have been inconsistent and even contradictory, so I'm of two minds about their value.
The single largest issue seen in any software is buffer overflows. They can be a real pain to find at times, because they can be anywhere in the code, and often won't show up under automated testing. When I first started programming for Windows I wrote a program in which a buffer overflow went undetected for more that two years, even though the program was in daily use by several thousand users.
- 27,262
- 12
- 53
- 108
-
I pretty sure that I'd redirected here if posted in SO, so I've posted it here. I'd look at Firefox addons, however I think they are more focused on web design and web layout testing. The main point of this question is not static/runtime code analysis but in understanding which I missed and undone in my implementation of HTTP 1.0 server. – pmod Jul 14 '10 at 10:41
-
1How/If code implements written requirements falls straightly under SO's domain; why and how code on one computer interacts with another is SF. Regardless, a program that tests RFC compliance sure would be nice for much more than just HTTP. – Chris S Jul 14 '10 at 13:47
-
@Chris, I figure code testing, in whatever form that is, is very much a dev thing, sot sysadmin. – John Gardeniers Jul 14 '10 at 21:15
Lots of questions here. While I'm sure lots of people will tell you their tool does everything if only you will buy it, there are very few tools available which make a reasonable attempt at any one of these.
For the security side of things, assuming that you are only interested in serving of static content, there is a list of useful software here.
For capacity testing you could use ab which ships with apache. You might also consider scripting more complex interactions using loadrunner ($$$) or http::Recorder and www::mechanize
Most of the large software packages available as source code come with automatic testing scripts (usually a target in the Makefile, e.g. 'make test') but the Apache build instructions don't mention this - might be worth downloading the src and configuring it to see if it does have test scripts included which could be adapted.
As for performance testing/monitoring - IME there's nothing currently available which is any good (and I include Oracle's Grid Control, BMC Patrol, Google Analytics and a large number of other products in the 'not any good' category). Personally I'm using a home-grown solution which relies on very detailled logging of URL generation (have a look at mod_log_config %D option and mod_log_firstbyte).
One area I've not studied in great depth is passive monitoring - there are tools like vantage agentless but these are very, VERY expensive. PastMon may meet your requirements (its good and its free) but you're going to need some specialist and expensive hardware to run it on if you expect to measure what happens when your webserver reaches saturation.
HTH
C.
- 19,931
- 1
- 29
- 49
For code quality (buffer overflows etc) you can use http://www.coverity.com/ They have picked up so many in open source programs http://scan.coverity.com/index.html
- 3,490
- 16
- 13
-
The main point of this question is not static/runtime code analysis but in understanding which I missed or yet left undone in my implementation of HTTP 1.0 server. Thank you! – pmod Jul 14 '10 at 10:42
-
unless i do not understand english what does this mean "and check for potential security issues and the same for ftp server" – topdog Jul 14 '10 at 10:56
-
You could try some of this:
http://java-source.net/open-source/web-testing-tools
or
http://www.softwareqatest.com/qatweb1.html
have fun
- 1,587
- 4
- 21
- 38