Over the last year, open source software has reached a threshold. It has gone from being a blip on the radar at most companies, to being production software, or at least an option under evaluation.
Here are some Web site testing tools that haven't received much press. They don't have the David and Goliath glamour of Linux or Apache going up against Microsoft. Nevertheless, these applications can meet current testing needs, without the need to cost-justify an expensive application.
Link check analysis
HT://Check HT://Check is a console application based on ht://Dig, a free search engine. It allows web developers to not only find and report on broken links, but also cull out other information from HTML documents. It stores its data in a mySQL database that can also be used for custom queries. HT://Check has two parts: the crawler checks URLs starting with a starting point or points; the "analyser" takes the results and creates reports.
InSite InSite is a free Web site management tool that is written in Perl. It offers a wealth of information in its reports, including link verification, link type reporting, e-mail alerts on user-defined critical pages, flagging bloated pages, and even scanning pages for user-defined test strings. It also reports on what file types are being used, and the types of link errors received on links to remote sites.
Hammerhed Hammerhead is a tool designed to test out web sites. It can simulate numerous simultaneous users from multiple IP address. The developers warn "Hammerhead can destroy a web site very quickly," because of the amount of load it can place on a site. The load is fully configurable, and can be used to simulate scenarios of user action.
MaxQ MaxQ is a web functional testing tool. It has an HTTP proxy that records a test script, including values posted to web forms. Scripts can then be "played back" using a command-line utility. In a nutshell, you use the proxy to record your actions when browsing a site. These actions can then be repeated automatically using the scripting tool.
Anteater Anteater is a testing framework that makes it easier to create tests to check the functionality of web applications and web services. It can be used to automate the sending of requests to Web servers, and then test the response for use-defined criteria. It can also be used to listen for HTTP requests. When a Web request is received, Anteater can check the parameters of the request and send a response accordingly. This makes it useful for testing SOAP and XML applications.
JMeter JMeter is a Java desktop application that is designed to test functional behavior and measure web performance. It is part of the Apache Jakarta project. Though originally designed to test Web applications, it can also be used for other testing. It can test static and dynamic content, such as web pages, downloadable files, Perl scripts and Java servlets. It can also be used to simulate heavy loads for performance analysis. Reporting includes graphical performance analysis.
DieselTest DieselTest is an open-source load-testing tool. It supports unlimited virtual users, a script recorder/editor, and reporting and charting of test results. It can run on multiple machines to achieve massive scalability for high loads. It also has several features to help simulate the variety of real-world user behavior.
TPTest TPTest is an Internet bandwidth tester. It allows users to measure the speed of their Internet connections. It measures throughput speed to and from reference servers on the Internet. It can measure TCP & UDP throughput, and UDP packet loss. It supports a "standard" test, which requires no customization, which runs automatically through a set of basic tests to get a quick idea of your network bandwidth. It also allows customization to get more accurate results. In advanced mode, you can configure the test time, bytes to transfer, packets per second and more. The advanced view also provides more detailed information.
RT: Request Tracker RT: Request Tracker is a ticketing system for small to medium sized enterprises. It can be used for bugtracking, trouble ticketing, customer support and other purposes where groups need to keep track of tasks. It has Web, e-mail, and command-line interfaces. The Web interface works with all popular browsers, and allows each user to quickly check on the status of their open tickets. Information is stored in a SQL database, and can be reported on using standard SQL tools. It supports granular access control, so users can easily view their work, while protecting private documents.
The Institute for Security and Open Methodologies (ISECOM) provides extensive documentation on testing methodologies. It also provides information and application links for network surveying, war dialing, port scanning, service probing, firewall and ACL testing, sniffing, and denial of service testing. This site is a good one-stop shop for learning about open-source tools for security.
Some of these tools are a little rough around the edges, but they are all very capable. If you find your company skipping important steps in the deployment cycle because of budget constraints, give some of these tools a look.
There's a good chance that you'll find something that will meet your immediate needs, and demonstrate the value of web testing within your company.