How to rigorously test a site?

Question

How does one rigorously test a site for both security and speed?

What are the ways and tools for that?

Can we mimic hundreds of virtual users visiting the si

Answer 1

If this is just supposed to be a Stress Test, try http://freshmeat.net/projects/siege/

Siege is a regression test and benchmark utility. It can stress test a single URL with a user defined number of simulated users, or it can read many URLs into memory and stress them simultaneously. The program reports the total number of hits recorded, bytes transferred, response time, concurrency, and return status. Siege supports HTTP/1.0 and 1.1 protocols, GET and POST directives, cookies, transaction logging, and basic authentication. Its features are configurable on a per user basis.

or http://httpd.apache.org/docs/1.3/programs/ab.html

ab is a tool for benchmarking the performance of your Apache HyperText Transfer Protocol (HTTP) server. It does this by giving you an indication of how many requests per second your Apache installation can serve.

To test your PHP code, use PHPUnit. To test your frontend, use Selenium.

For security tests, I strongly suggest to buy an audit and leave that to dedicated experts. There is just too many possible attack vectors that go beyond your app code.

Answer 2

Also, I would mention Tsung.

Reding from their introduction:

Tsung is an open-source multi-protocol distributed load testing tool

It can be used to stress HTTP, WebDAV, SOAP, PostgreSQL, MySQL, LDAP and Jabber/XMPP servers. Tsung (formerly known as IDX-Tsunami) is a free software released under the GPLv2 license.

The purpose of Tsung is to simulate users in order to test the scalability and performance of IP based client/server applications. You can use it to do load and stress testing of your servers. Many protocols have been implemented and tested, and it can be easily extended. WebDAV, LDAP and MySQL support have been added recently (experimental).

It can be distributed on several client machines and is able to simulate hundreds of thousands of virtual users concurrently (or even millions if you have enough hardware ...).

Tsung is developed in Erlang, an open-source language made by Ericsson for building robust fault-tolerant distributed applications.

Tsung is supported by Process-One