tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henning Heil" <>
Subject Re: [OT] destructive / negative / pathology testing *help, help!*
Date Thu, 27 Mar 2003 14:24:47 GMT
In addition to my first post and to clear things up a bit:

I am a little step further at the moment, in general you can say 
negative testing is going beyond the borders of normal (load, stress, 
fail-over, UAT, etc.) testing. Some aspects of negative testing in my 
(just reached and incomplete) sense would now be:

- intercepting & faking post/get/http headers
- inserting SQL-statements into the applications forms to corrupt 
databases / tables / etc
- creating queries exceeding max execution time or max number of results 
can be handled
- manually creating / inserting datasets which make the application 
collapse when being read again (by one of the above ways?)
- reverse engineering of java clients, writing your own client and using 
the original client's server connection to do bad things similar to the 
above mentioned (this case would maybe definetly go beyond the point we 
would call 'hacking')
- and also manipulating any kind of software (the JVM?) to reach one or 
more of the following effects

this all leads / should lead the application to stop / shut down / break 
in not a planned way, e.g. without being able to write logs or showing 
readable error messages to the user, stopping the server or doing other 
unattractive things like killing all sessions or throwing all users out.

I mainly concentrate on webapps, but also have to take a look at 
I do not cover destroying hardware (disks ...) or things like that.

Does anyone have more 'phantasies' on that?

Thanks for your attention again,


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message