SOFTWARE TESTING is the process of gaining confidence about the quality of a product that has to be released.
DDoS testing. DDos stands for Distributed Denial of Service. A DDoS attack occurs when a malicious user tries to crash a web-site by overloading its servers with traffic. DDoS attacks have evolved rapidly since the 1990s and they now occur every day in the cyber space. Today’s DDoS are potentially more devastating because of the increasing rise of the Internet of Things. Indeed, often the reason behind a successful DDoS attack is the use of botnets which are collections of devices that have been infected with a virus thereby making them remotely controllable.
The Internet of Things means that a malicious may infect not just computers, but all the new devices that can now connect to the internet such as kettles, cameras, thermostats and so forth. In the 2016 Dyn attack which affected internet giants like Amazon and Twitter even baby monitors connected to the internet were used to enhance the power of the DDoS offensive.
In 2016 the web-site of the cybersecurity blogger Brian Krebs was attacked by a record DDoS attack which was close to 620 Gbps in size. On average a 50 Gbps DDoS attack is enough to crash the websites of big banks.
Hacker groups like the ‘Armada Collective’ have made more than 100.000 $ worth of bitcoins by threatening companies that unless they made a payment they would suffer a DDoS attack.
DDoS testing is about simulating a DDoS attack.
One type of DDoS testing is about simulating a DDoS Volume based attack. This kind of attacks aims to saturate the bandwidth of the victim’s servers by generate excessive volumes of traffic (this can even be amplified with IP spoofing). The tester can simulate such attacks with network traffic generators such as ‘Low Orbit Ion Cannon’ and ‘Switchblade’. However the tester would normally simulate the attack against cloud servers, rather than against the network infrastructure of his own company.
The point of DDoS testing is not really to do a sort of arm-wrestling competition between the bandwidth of the servers and the bandwidth of the DDoS attack, but to test the mitigation strategy. It is unrealistic to expect that the servers could withstand any sort of DDoS attack, since potentially any bandwidth level can be overwhelmed; therefore the tester will want to know how the infrastructure of the web-site is able to mitigate the DDoS attack (the instruments at disposal can be many: reverse proxies, firewalls to filter legitimate IP requests, cloud blackholing to re-direct suspicious traffic into cloud servers, load balancing, cache proxies, CAPTCHA).
DDoS testing will also provide the tester with useful metrics about the resilience and performance of the web-site. At the end of the day, DDoS testing is pretty much like stress or load testing taken to the extreme.
In addition, after a DDoS simulation, the tester will be able to witness the ‘graceful degradation’ of the web-site- which means that the tester can see if the web site is able to maintain its key functionalities working despite having been attacked.
Another type of DDoS testing is about simulating Application Layer attacks. These attacks do not specifically target the servers, they rather try to put enormous stress on key functionalities of the web-site. For example the tester may want to know how the web site reacts to repetitive SQL wildcard attacks. To test a wildcard attack, the tester will try to generate CPU-intensive queries with multiple wildcards to see if the web-site is fast enough to display the results of the queries. If the web-site is rather slow, then it means that the database is potentially vulnerable.