Changes between revisions of "Transporte 1.1.1.21"

From MSTECH wiki
(Tests Performed)
(Tests Performed)
Line 18: Line 18:
 
|-
 
|-
 
|Test Application Platform Configuration
 
|Test Application Platform Configuration
|OTG-CONFIG-002
+
|[https://www.owasp.org/index.php/Test_Application_Platform_Configuration_(OTG-CONFIG-002) OTG-CONFIG-002]
 
|na
 
|na
 
|-
 
|-
 
|Test File Extensions Handling for Sensitive Information
 
|Test File Extensions Handling for Sensitive Information
|OTG-CONFIG-003
+
|[https://www.owasp.org/index.php/Test_File_Extensions_Handling_for_Sensitive_Information_(OTG-CONFIG-003) OTG-CONFIG-003]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Review Old, Backup and Unreferenced Files for Sensitive Information
 
|Review Old, Backup and Unreferenced Files for Sensitive Information
|OTG-CONFIG-004
+
|[https://www.owasp.org/index.php/Review_Old,_Backup_and_Unreferenced_Files_for_Sensitive_Information_(OTG-CONFIG-004) OTG-CONFIG-004]
 
|F
 
|F
 
|-
 
|-
 
|Test HTTP Methods
 
|Test HTTP Methods
|OTG-CONFIG-006
+
|[https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006) OTG-CONFIG-006]
 
|na
 
|na
 
|-
 
|-
 
|Test HTTP Strict Transport Security
 
|Test HTTP Strict Transport Security
|OTG-CONFIG-007
+
|[https://www.owasp.org/index.php/Test_HTTP_Strict_Transport_Security_(OTG-CONFIG-007) OTG-CONFIG-007]
 
|F
 
|F
 
|-
 
|-
 
|Test RIA cross domain policy
 
|Test RIA cross domain policy
|OTG-CONFIG-008
+
|[https://www.owasp.org/index.php/Test_RIA_cross_domain_policy_(OTG-CONFIG-008) OTG-CONFIG-008]
 
|na
 
|na
 
|-
 
|-
 
|Test Role Definitions
 
|Test Role Definitions
|OTG-IDENT-001
+
|[https://www.owasp.org/index.php/Test_Role_Definitions_(OTG-IDENT-001) OTG-IDENT-001]
 
|na
 
|na
 
|-
 
|-
 
|Test User Registration Process
 
|Test User Registration Process
|OTG-IDENT-002
+
|[https://www.owasp.org/index.php/Test_User_Registration_Process_(OTG-IDENT-002) OTG-IDENT-002]
 
|na
 
|na
 
|-
 
|-
 
|Test Account Provisioning Process
 
|Test Account Provisioning Process
|OTG-IDENT-003
+
|[https://www.owasp.org/index.php/Test_Account_Provisioning_Process_(OTG-IDENT-003) OTG-IDENT-003]
 
|na
 
|na
 
|-
 
|-
 
|Testing for Account Enumeration and Guessable User Account
 
|Testing for Account Enumeration and Guessable User Account
|OTG-IDENT-004
+
|[https://www.owasp.org/index.php/Testing_for_Account_Enumeration_and_Guessable_User_Account_(OTG-IDENT-004) OTG-IDENT-004]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Credentials Transported over an Encrypted Channel
 
|Testing for Credentials Transported over an Encrypted Channel
|OTG-AUTHN-001
+
|[https://www.owasp.org/index.php/Testing_for_Credentials_Transported_over_an_Encrypted_Channel_(OTG-AUTHN-001) OTG-AUTHN-001]
 
|F
 
|F
 
|-
 
|-
 
|Testing for default credentials
 
|Testing for default credentials
|OTG-AUTHN-002
+
|[https://www.owasp.org/index.php/Testing_for_default_credentials_(OTG-AUTHN-002) OTG-AUTHN-002]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Weak lock out mechanism
 
|Testing for Weak lock out mechanism
|OTG-AUTHN-003
+
|[https://www.owasp.org/index.php/Testing_for_Weak_lock_out_mechanism_(OTG-AUTHN-003) OTG-AUTHN-003]
 
|na
 
|na
 
|-
 
|-
 
|Testing for Bypassing Authentication Schema
 
|Testing for Bypassing Authentication Schema
|OTG-AUTHN-004
+
|[https://www.owasp.org/index.php/Testing_for_Bypassing_Authentication_Schema_(OTG-AUTHN-004) OTG-AUTHN-004]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Vulnerable Remember Password
 
|Testing for Vulnerable Remember Password
|OTG-AUTHN-005
+
|[https://www.owasp.org/index.php/Testing_for_Vulnerable_Remember_Password_(OTG-AUTHN-005) OTG-AUTHN-005]
 
|na
 
|na
 
|-
 
|-
 
|Testing for Browser cache weakness
 
|Testing for Browser cache weakness
|OTG-AUTHN-006
+
|[https://www.owasp.org/index.php/Testing_for_Browser_cache_weakness_(OTG-AUTHN-006) OTG-AUTHN-006]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Weak password policy
 
|Testing for Weak password policy
|OTG-AUTHN-007
+
|[https://www.owasp.org/index.php?title=Testing_for_Weak_password_policy_(OTG-AUTHN-007)&setlang=en OTG-AUTHN-007]
 
|na
 
|na
 
|-
 
|-
 
|Testing for weak password change or reset functionalities
 
|Testing for weak password change or reset functionalities
|OTG-AUTHN-009
+
|[https://www.owasp.org/index.php/Testing_for_weak_password_change_or_reset_functionalities_(OTG-AUTHN-009) OTG-AUTHN-009]
 
|na
 
|na
 
|-
 
|-
 
|Testing for Weaker authentication in alternative channel
 
|Testing for Weaker authentication in alternative channel
|OTG-AUTHN-010
+
|[https://www.owasp.org/index.php/Testing_for_Weaker_authentication_in_alternative_channel_(OTG-AUTHN-010) OTG-AUTHN-010]
 
|na
 
|na
 
|-
 
|-
 
|Testing Directory traversal/file include
 
|Testing Directory traversal/file include
|OTG-AUTHZ-001
+
|[https://www.owasp.org/index.php/Testing_Directory_traversal/file_include_(OTG-AUTHZ-001) OTG-AUTHZ-001]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Bypassing Authorization Schema
 
|Testing for Bypassing Authorization Schema
|OTG-AUTHZ-002
+
|[https://www.owasp.org/index.php/Testing_for_Bypassing_Authorization_Schema_(OTG-AUTHZ-002) OTG-AUTHZ-002]
 
|F
 
|F
 
|-
 
|-
 
|Testing for Privilege escalation
 
|Testing for Privilege escalation
|OTG-AUTHZ-003
+
|[https://www.owasp.org/index.php?title=Testing_for_Privilege_escalation_(OTG-AUTHZ-003)&setlang=en OTG-AUTHZ-003]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Insecure Direct Object References
 
|Testing for Insecure Direct Object References
|OTG-AUTHZ-004
+
|[https://www.owasp.org/index.php?title=Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004)&setlang=en OTG-AUTHZ-004]
 
|F
 
|F
 
|-
 
|-
 
|Testing for Session Management Schema
 
|Testing for Session Management Schema
|OTG-SESS-001
+
|[https://www.owasp.org/index.php/Testing_for_Session_Management_Schema_(OTG-SESS-001) OTG-SESS-001]
 
|F
 
|F
 
|-
 
|-
 
|Testing for cookies attributes
 
|Testing for cookies attributes
|OTG-SESS-002
+
|[https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OTG-SESS-002) OTG-SESS-002]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Session Fixation
 
|Testing for Session Fixation
|OTG-SESS-003
+
|[https://www.owasp.org/index.php/Testing_for_Session_Fixation_(OTG-SESS-003) OTG-SESS-003]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Exposed Session Variables
 
|Testing for Exposed Session Variables
|OTG-SESS-004
+
|[https://www.owasp.org/index.php/Testing_for_Exposed_Session_Variables_(OTG-SESS-004) OTG-SESS-004]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for CSRF
 
|Testing for CSRF
|OTG-SESS-005
+
|[https://www.owasp.org/index.php/Testing_for_CSRF_(OTG-SESS-005) OTG-SESS-005]
 
|F
 
|F
 
|-
 
|-
 
|Testing for logout functionality
 
|Testing for logout functionality
|OTG-SESS-006
+
|[https://www.owasp.org/index.php/Testing_for_logout_functionality_(OTG-SESS-006) OTG-SESS-006]
 
|F
 
|F
 
|-
 
|-
 
|Testing for Session Timeout
 
|Testing for Session Timeout
|OTG-SESS-007
+
|[https://www.owasp.org/index.php?title=Test_Session_Timeout_(OTG-SESS-007)&setlang=en OTG-SESS-007]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Session puzzling
 
|Testing for Session puzzling
|OTG-SESS-008
+
|[https://www.owasp.org/index.php/Testing_for_Session_puzzling_(OTG-SESS-008) OTG-SESS-008]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Reflected Cross site scripting
 
|Testing for Reflected Cross site scripting
|OTG-INPVAL-001
+
|[https://www.owasp.org/index.php/Testing_for_Reflected_Cross_site_scripting_(OTG-INPVAL-001) OTG-INPVAL-001]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Stored Cross site scripting
 
|Testing for Stored Cross site scripting
|OTG-INPVAL-002
+
|[https://www.owasp.org/index.php/Testing_for_Stored_Cross_site_scripting_(OTG-INPVAL-002) OTG-INPVAL-002]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for HTTP Verb Tampering
 
|Testing for HTTP Verb Tampering
|OTG-INPVAL-003
+
|[https://www.owasp.org/index.php?title=Testing_for_HTTP_Verb_Tampering_(OTG-INPVAL-003)&setlang=en OTG-INPVAL-003]
 
|na
 
|na
 
|-
 
|-
 
|Testing for HTTP Parameter pollution
 
|Testing for HTTP Parameter pollution
|OTG-INPVAL-004
+
|[https://www.owasp.org/index.php/Testing_for_HTTP_Parameter_pollution_(OTG-INPVAL-004) OTG-INPVAL-004]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for SQL Injection
 
|Testing for SQL Injection
|OTG-INPVAL-005
+
|[https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) OTG-INPVAL-005]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for LDAP Injection
 
|Testing for LDAP Injection
|OTG-INPVAL-006
+
|[https://www.owasp.org/index.php/Testing_for_LDAP_Injection_(OTG-INPVAL-006) OTG-INPVAL-006]
 
|na
 
|na
 
|-
 
|-
 
|Testing for XML Injection
 
|Testing for XML Injection
|OTG-INPVAL-008
+
|[https://www.owasp.org/index.php?title=Testing_for_XML_Injection_(OTG-INPVAL-008)&setlang=en OTG-INPVAL-008]
 
|na
 
|na
 
|-
 
|-
 
|Testing for SSI Injection
 
|Testing for SSI Injection
|OTG-INPVAL-009
+
|[https://www.owasp.org/index.php?title=Testing_for_SSI_Injection_(OTG-INPVAL-009)&setlang=en OTG-INPVAL-009]
 
|na
 
|na
 
|-
 
|-
 
|Testing for XPath Injection
 
|Testing for XPath Injection
|OTG-INPVAL-010
+
|[https://www.owasp.org/index.php?title=Testing_for_XPath_Injection_(OTG-INPVAL-010)&setlang=en OTG-INPVAL-010]
 
|na
 
|na
 
|-
 
|-
 
|Testing for IMAP/SMTP Injection
 
|Testing for IMAP/SMTP Injection
|OTG-INPVAL-011
+
|[https://www.owasp.org/index.php/Testing_for_IMAP/SMTP_Injection_(OTG-INPVAL-011) OTG-INPVAL-011]
 
|na
 
|na
 
|-
 
|-
 
|Testing for Code Injection
 
|Testing for Code Injection
|OTG-INPVAL-012
+
|[https://www.owasp.org/index.php?title=Testing_for_Code_Injection_(OTG-INPVAL-012)&setlang=en OTG-INPVAL-012]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Command Injection
 
|Testing for Command Injection
|OTG-INPVAL-013
+
|[https://www.owasp.org/index.php?title=Testing_for_Command_Injection_(OTG-INPVAL-013)&setlang=en OTG-INPVAL-013]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Buffer Overflow
 
|Testing for Buffer Overflow
|OTG-INPVAL-014
+
|[https://www.owasp.org/index.php/Testing_for_Buffer_Overflow_(OTG-INPVAL-014) OTG-INPVAL-014]
 
|na
 
|na
 
|-
 
|-
 
|Testing for Incubated Vulnerability
 
|Testing for Incubated Vulnerability
|OTG-INPVAL-015
+
|[https://www.owasp.org/index.php?title=Testing_for_Incubated_Vulnerability_(OTG-INPVAL-015)&setlang=en OTG-INPVAL-015]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for HTTP Splitting/Smuggling
 
|Testing for HTTP Splitting/Smuggling
|OTG-INPVAL-016
+
|[https://www.owasp.org/index.php?title=Testing_for_HTTP_Splitting/Smuggling_(OTG-INPVAL-016)&setlang=en OTG-INPVAL-016]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Information Disclosure
 
|Testing for Information Disclosure
|OTG-ERR-001, OTG-ERR-002
+
|[https://www.owasp.org/index.php/Testing_for_Error_Code_(OTG-ERR-001) OTG-ERR-001], [https://www.owasp.org/index.php/Testing_for_Stack_Traces_(OTG-ERR-002) OTG-ERR-002]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection
 
|Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection
|OTG-CRYPST-001
+
|[https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_(OTG-CRYPST-001) OTG-CRYPST-001]
 
|na
 
|na
 
|-
 
|-
 
|Testing for Padding Oracle
 
|Testing for Padding Oracle
|OTG-CRYPST-002
+
|[https://www.owasp.org/index.php?title=Testing_for_Padding_Oracle_(OTG-CRYPST-002)&setlang=en OTG-CRYPST-002]
 
|na
 
|na
 
|-
 
|-
 
|Testing for Sensitive information sent via unencrypted channels
 
|Testing for Sensitive information sent via unencrypted channels
|OTG-CRYPST-003
+
|[https://www.owasp.org/index.php?title=Testing_for_Sensitive_information_sent_via_unencrypted_channels_(OTG-CRYPST-003)&setlang=en OTG-CRYPST-003]
 
|na
 
|na
 
|-
 
|-
 
|Tests of business logic
 
|Tests of business logic
|OTG-BUSLOGIC-001..009
+
|[https://www.owasp.org/index.php/Testing_for_business_logic OTG-BUSLOGIC-001..009]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for DOM-based Cross site scripting
 
|Testing for DOM-based Cross site scripting
|OTG-CLIENT-001
+
|[https://www.owasp.org/index.php/Testing_for_DOM-based_Cross_site_scripting_(OTG-CLIENT-001) OTG-CLIENT-001]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for JavaScript Execution
 
|Testing for JavaScript Execution
|OTG-CLIENT-002
+
|[https://www.owasp.org/index.php/Testing_for_JavaScript_Execution_(OTG-CLIENT-002) OTG-CLIENT-002]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for HTML Injection
 
|Testing for HTML Injection
|OTG-CLIENT-003
+
|[https://www.owasp.org/index.php/Testing_for_HTML_Injection_(OTG-CLIENT-003) OTG-CLIENT-003]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Client Side URL Redirect
 
|Testing for Client Side URL Redirect
|OTG-CLIENT-004
+
|[https://www.owasp.org/index.php/Testing_for_Client_Side_URL_Redirect_(OTG-CLIENT-004) OTG-CLIENT-004]
 
|F
 
|F
 
|-
 
|-
 
|Testing for CSS Injection
 
|Testing for CSS Injection
|OTG-CLIENT-005
+
|[https://www.owasp.org/index.php/Testing_for_CSS_Injection_(OTG-CLIENT-005)OTG-CLIENT-005
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Client Side Resource Manipulation
 
|Testing for Client Side Resource Manipulation
|OTG-CLIENT-006
+
|[https://www.owasp.org/index.php/Testing_for_Client_Side_Resource_Manipulation_(OTG-CLIENT-006) OTG-CLIENT-006]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Test Cross Origin Resource Sharing
 
|Test Cross Origin Resource Sharing
|OTG-CLIENT-007
+
|[https://www.owasp.org/index.php/Test_Cross_Origin_Resource_Sharing_(OTG-CLIENT-007) OTG-CLIENT-007]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Cross site flashing
 
|Testing for Cross site flashing
|OTG-CLIENT-008
+
|[https://www.owasp.org/index.php?title=Testing_for_Cross_site_flashing_(OTG-CLIENT-008)&setlang=en OTG-CLIENT-008]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing for Clickjacking
 
|Testing for Clickjacking
|OTG-CLIENT-009
+
|[https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009) OTG-CLIENT-009]
 
|Ok
 
|Ok
 
|-
 
|-
 
|Testing WebSockets
 
|Testing WebSockets
|OTG-CLIENT-010
+
|[https://www.owasp.org/index.php?title=Testing_WebSockets_(OTG-CLIENT-010)&setlang=en OTG-CLIENT-010]
 
|na
 
|na
 
|-
 
|-
 
|Test Web Messaging
 
|Test Web Messaging
|OTG-CLIENT-011
+
|[https://www.owasp.org/index.php?title=Test_Web_Messaging_(OTG-CLIENT-011)&setlang=en OTG-CLIENT-011]
 
|na
 
|na
 
|-
 
|-
 
|Test Local Storage
 
|Test Local Storage
|OTG-CLIENT-012
+
|[https://www.owasp.org/index.php?title=Test_Local_Storage_(OTG-CLIENT-012)&setlang=en OTG-CLIENT-012]
 
|na
 
|na
 
|}
 
|}
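Review bot: In the "Testing for CSS Injection" row, the added link `[https://www.owasp.org/index.php/Testing_for_CSS_Injection_(OTG-CLIENT-005)OTG-CLIENT-005` has no space between the URL and the label and no closing `]`, so unlike every other row it will not render as a link labelled OTG-CLIENT-005. Suggest `[https://www.owasp.org/index.php/Testing_for_CSS_Injection_(OTG-CLIENT-005) OTG-CLIENT-005]`. A smaller style point: the new links mix `index.php/Title` URLs with `index.php?title=...&setlang=en` URLs; using one form throughout would keep the table uniform.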

Revision as of 18:45, 23 June 2016

Systems Verified

  • Transporte Escolar, version 1.1.1.21
  • Transporte Escolar Api, version 1.0.0.0

Security Verification

Tests Performed

Test | OWASP Reference | Result
Review Webpage Comments and Metadata for Information Leakage | OTG-INFO-005 | Ok
Test Application Platform Configuration | OTG-CONFIG-002 | na
Test File Extensions Handling for Sensitive Information | OTG-CONFIG-003 | Ok
Review Old, Backup and Unreferenced Files for Sensitive Information | OTG-CONFIG-004 | F
Test HTTP Methods | OTG-CONFIG-006 | na
Test HTTP Strict Transport Security | OTG-CONFIG-007 | F
Test RIA cross domain policy | OTG-CONFIG-008 | na
Test Role Definitions | OTG-IDENT-001 | na
Test User Registration Process | OTG-IDENT-002 | na
Test Account Provisioning Process | OTG-IDENT-003 | na
Testing for Account Enumeration and Guessable User Account | OTG-IDENT-004 | Ok
Testing for Credentials Transported over an Encrypted Channel | OTG-AUTHN-001 | F
Testing for default credentials | OTG-AUTHN-002 | Ok
Testing for Weak lock out mechanism | OTG-AUTHN-003 | na
Testing for Bypassing Authentication Schema | OTG-AUTHN-004 | Ok
Testing for Vulnerable Remember Password | OTG-AUTHN-005 | na
Testing for Browser cache weakness | OTG-AUTHN-006 | Ok
Testing for Weak password policy | OTG-AUTHN-007 | na
Testing for weak password change or reset functionalities | OTG-AUTHN-009 | na
Testing for Weaker authentication in alternative channel | OTG-AUTHN-010 | na
Testing Directory traversal/file include | OTG-AUTHZ-001 | Ok
Testing for Bypassing Authorization Schema | OTG-AUTHZ-002 | F
Testing for Privilege escalation | OTG-AUTHZ-003 | Ok
Testing for Insecure Direct Object References | OTG-AUTHZ-004 | F
Testing for Session Management Schema | OTG-SESS-001 | F
Testing for cookies attributes | OTG-SESS-002 | Ok
Testing for Session Fixation | OTG-SESS-003 | Ok
Testing for Exposed Session Variables | OTG-SESS-004 | Ok
Testing for CSRF | OTG-SESS-005 | F
Testing for logout functionality | OTG-SESS-006 | F
Testing for Session Timeout | OTG-SESS-007 | Ok
Testing for Session puzzling | OTG-SESS-008 | Ok
Testing for Reflected Cross site scripting | OTG-INPVAL-001 | Ok
Testing for Stored Cross site scripting | OTG-INPVAL-002 | Ok
Testing for HTTP Verb Tampering | OTG-INPVAL-003 | na
Testing for HTTP Parameter pollution | OTG-INPVAL-004 | Ok
Testing for SQL Injection | OTG-INPVAL-005 | Ok
Testing for LDAP Injection | OTG-INPVAL-006 | na
Testing for XML Injection | OTG-INPVAL-008 | na
Testing for SSI Injection | OTG-INPVAL-009 | na
Testing for XPath Injection | OTG-INPVAL-010 | na
Testing for IMAP/SMTP Injection | OTG-INPVAL-011 | na
Testing for Code Injection | OTG-INPVAL-012 | Ok
Testing for Command Injection | OTG-INPVAL-013 | Ok
Testing for Buffer Overflow | OTG-INPVAL-014 | na
Testing for Incubated Vulnerability | OTG-INPVAL-015 | Ok
Testing for HTTP Splitting/Smuggling | OTG-INPVAL-016 | Ok
Testing for Information Disclosure | OTG-ERR-001, OTG-ERR-002 | Ok
Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection | OTG-CRYPST-001 | na
Testing for Padding Oracle | OTG-CRYPST-002 | na
Testing for Sensitive information sent via unencrypted channels | OTG-CRYPST-003 | na
Tests of business logic | OTG-BUSLOGIC-001..009 | Ok
Testing for DOM-based Cross site scripting | OTG-CLIENT-001 | Ok
Testing for JavaScript Execution | OTG-CLIENT-002 | Ok
Testing for HTML Injection | OTG-CLIENT-003 | Ok
Testing for Client Side URL Redirect | OTG-CLIENT-004 | F
Testing for CSS Injection | OTG-CLIENT-005 | Ok
Testing for Client Side Resource Manipulation | OTG-CLIENT-006 | Ok
Test Cross Origin Resource Sharing | OTG-CLIENT-007 | Ok
Testing for Cross site flashing | OTG-CLIENT-008 | Ok
Testing for Clickjacking | OTG-CLIENT-009 | Ok
Testing WebSockets | OTG-CLIENT-010 | na
Test Web Messaging | OTG-CLIENT-011 | na
Test Local Storage | OTG-CLIENT-012 | na

Results

Performance Verification

Notes on the test

The CoreSSO instance initially used for the tests was the one indicated by the Transportes team, copied from TS-IIS02 and TS-BD. However, that CoreSSO presented problems, among them the default layout table not being populated, which generated several errors. We therefore replaced the database and the site with another version indicated by the CoreSSO team at the time.

It is worth noting that, according to the Transporte team, the system would support, at its limit, 200 simultaneous users, with a high error rate at the moment of accessing the TransporteEscolar system, which makes it necessary to check and adjust SAML.

Usage scenario

Usage scenario #1
Action performed | Think time (seconds)
1 - Open the login screen | 3
1 - Log in | 7
1 - Select the Transporte Escolar system | 5
2 - Open the vehicle lookup screen | 5
2 - Fill in the "Documentação" (Documentation) tab | 20
2 - Fill in the "Aquisição" (Acquisition) tab | 7
2 - Fill in the "Condutor" (Driver) tab | 38
2 - Fill in the "Peças e acessórios" (Parts and accessories) tab | 25
2 - Fill in the "Despesas" (Expenses) tab | 15
2 - Save the record | 5
3 - Logout | 5

Test results

This section presents the results obtained from running the tests.

  • Percentage of processor time
Description: Measures processor saturation and shows the amount of time spent processing threads across all CPUs.
Recommended limit: Below 75%.
2016-06-21 TransporteEscolar TempoDeProcessador.png


  • Percentage of memory used
Description: Indicates the percentage of memory used by processes.
Recommended limit: Below 75%.
2016-06-21 TransporteEscolar MemoriaUtilizada.png


  • Total Kbytes over the network interface
Description: Indicates how many Kbytes were sent and received per second over the network interface.
Recommended limit: Less than 5 Mbytes for a 100 Mbps network, less than 50 Mbytes for a 1000 Mbps network. (The lower the better.)
2016-06-21 TransporteEscolar NetworkTotal.png


  • Average request response time
Description: Indicates the average response time of requests.
Recommended limit: 5 seconds.
2016-06-21 TransporteEscolar ResponseTime.png


  • Throughput
Description: Indicates the total number of requests per second.
Recommended limit: The higher the better.
2016-06-22 13-37-47.png