A retailer can request testing of their Voyado Elevate integration. This can include general performance tests as well as penetration tests. These testing policies must be followed when requesting a test.
All tests must be approved by the Voyado Lund IT department to ensure that the test does not impact other of Voyado's customers. For certain tests, a separate test environment might be needed as a precaution. The retailer is responsible for any additional costs that arise because of customer-initiated testing.
Voyado reserves the right to deny, re-schedule and/or redesign the test requested, if there is a risk of adverse effects to the business.
Please note that some types of tests will be off-limits for retailers whose environment and/or supporting services is running in AWS. AWS has restrictions regarding penetration testing in general, and DDoS (denial-of-service) and other disruptive types of attacks. For more information, see AWS Penetration Testing.
Documentation and request¶
To be approved, supporting documentation and a formal request must be sent to Voyado. Depending on the type of test that is to be performed, the required time to analyse the scenario and set up any needed precautions may vary. Voyado does not guarantee that tests can be performed within a certain number of days after a request has been submitted.
All the sub-categories, e.g. test type, test scenario, and test execution, mentioned below must be addressed in all test requests. If any questions arise regarding the requested information, or interpretation of the contents of this page, please contact Voyado Lund IT department for further assistance.
Tests are categorised into four main types. These are rather large types that each span over several different tests. If no test type seem to be the exact fit, please choose the one that is closest within the test scenario.
If more than one test are to be performed, one request for each test is required.
General performance test¶
Please note that this test type is to be used only if the performance test does not fall under the load test or stress test types.
Performance tests are a superset of both load and stress testing. They help to set the benchmark and standards for an application. The aim of performance testing is to get an indication of how an application behaves under regular parameters. In performance testing, load limit is both below and above the threshold of a break.
Possible objectives of performance testing¶
- Validating that an application performs properly.
- Validating to conform the performance needs of the business.
- Finding, analysing, and fixing performance issues.
- Validating that the hardware is adequate to handle the expected load.
- Doing capacity planning for future demand of the application.
Load tests are a subset of performance testing. They are conducted to recognise the upper limit of the system. Resource usage, availability, and reliability are validated under this testing. The attributes which are checked in a load test are peak performance, server quantity and response times.
Possible objectives of load testing¶
- Finding bugs such as memory management, memory leaks, and buffer overflows.
- To assure that an application can achieve the performance point recognized during performance testing.
- To determine the operating capacity of an application
- To check that the current infrastructure is sufficient to run the application.
- To check what numbers of concurrent visitors an application can support, and scalability to allow more visitors to access it.
Stress tests are a subset of performance testing. They are conducted to control how the system behaves under extreme loads and how it recovers from failure. Stress testing aims to ensure that under a sudden high load for a considerable duration, the servers do not crash. This kind of testing checks stability response time, etc. In stress testing, the load limit is above the threshold of a break.
Possible objectives of stress testing¶
- To assist the testing unit to test the system in the situation of failures.
- To ensure that the system has saved the data before (potentially) crashing.
- To ensure that any unexpected failures do not harm the systems' security.
Penetration tests are an authorized simulated cyber attack on a computer system, performed to evaluate the security of the system. The tests are performed to identify vulnerabilities, including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.
Possible objectives of penetration testing¶
- To evaluate attack surfaces and identifying any weaknesses in externally facing devices.
- To test a visitor's judgement in responding to deceptive email and/or other communications.
- To evaluate the effectiveness of the security policy.
An as detailed test scenario as possible is needed for Voyado to evaluate and support the test. Information such as, but not limited to:
- What is the intention of the test?
- What function(s) will be tested, and what are the expected outcomes?
- How will those functions be tested? Information about method, as well as intensity and duration is needed by the voyado IT department.
If several types of tests are to be performed, or if several functions are to be tested, documentation for each scenario is required.
If the tests are to be performed simultaneously, then additional information will be required, such as how the different tests may affect each other's outcome, and what the gain from running them at the same time would be.
The Voyado Lund IT Department needs information regarding when the test will be performed: when it starts and ends, as well as a contact person within the company performing the test. Note that if the test is conducted during non-office hours, the contact person must be readily available during this time as well.
Voyado reserves the right to abort any test if it is deemed harmful to our and/or our customers' production environment, at any time during the test.
The application for customer-initiated testing must be submitted to the Voyado Lund IT Department for each test that is to be performed.