Stress-testing has been widely used by businesses, governments, and other organizations to evaluate the strength of their web applications against various attacks. However, the quality of these tests is under constant scrutiny to determine their effectiveness. The present study compares four stress-testing tools, by performing the tests on two major web-based applications. All of the tools used are open source, and run on Win32 platform. The test scenarios are recorded from server log files to make the tests more realistic. Lastly, we discuss how to use stress-testing tools as a measure to avoid Denial of Service attacks on web servers and web applications. Keywords Denial of Service, Stress-testing, Ramp-up time, Think time, Response time, TTFB, TTLB, Bandwidth throttle.
Saeed Abu-Nimeh, Suku Nair, Marco F. Marchetti