Performance Test Your Password Protected Pages, New Export Options and More!
Test Your Password Protected Pages
If you’re hosting a full blown web based application (like Zoompf), or even a smaller password protected area of your content/ecommerce site, you’ll like this feature.
The Login Script feature allows you to specify user/password login credentials to be used prior to running a performance test on a specific password protected page in your site. For example, say you want to test a heavy user dashboard page that requires a login to access.
This feature works like such:
- When creating a New Performance Test, select the Advanced option and expand the Authorization section.
- Check Enable Login Script and you’ll see something like this:
3. For the Login Page URL field, enter the URL of the page you typically use to log into your site. If this is not readily apparent, try logging out of your site first, then visiting the password protected page you want to test. Most likely the web application will redirect you to a login page. That’s the URL you want to use here.
4. Login Form is an optional field to be used only if your login page contains multiple HTML form tags. For most login pages, you can leave this blank.
If your login page does contain more than 1 form tag, use this field to specify the name or id attribute of the form tag surrounding your user and password input fields. The scanner will match on name first, id second. If neither exist, you’ll need to add one of these attributes to your source code.
5. Plug in the name and password form field names and values. Typically these are in HTML input tags with names like “email” and “password”, but might be different based on your site. If your login has additional parameters (say a userid as well), then click Add Field to supply additional form values to post for the login.
6. You can now close out the authorization section and continue to configure your performance test as before. For the Start URL, specify the direct URL to the password protected page you want to test.
7. Launch the test. The Zoompf Performance scanner will first visit the login page url you provided using the field name/values you provided. Assuming the login succeeds, the web server will return an authorization cookie that is then passed with the next request to the start URL(s) for the performance test, thus granting authorized access to that protected page.
Once the test is complete, you’ll see a nice screenshot of the password protected page and all cookies are cleared from the scanner server to preserve your security. Still, to be ultra-safe, we’d recommend only using a userid with limited permissions for your testing.
Useful in more limited access situations like corporate intranets, the Zoompf scanner can also utilize HTTP Authentication to access protected pages. To use, expand the Authentication section mentioned above and scroll down to the HTTP Authentication section. You can now supply domain specific user/password pairs for the various resources loaded by your page (and the start page itself). Simply supply user:password@domain in each line like below:
The user/password pairs will be sent in the HTTP header requests for only those domains specified.
Again, we recommend using user/passwords with limited security access, and ideally only for https resources. Still, this may be useful for testing new development projects or limited access corporate intranets.
Export That Data!
For our second act, I wanted to highlight the new Export button available in the upper-right corner of almost every view.
Depending on the page (or the tab) selected, you’ll get different options for what can be exported:
- Copy to Clipboard: a plain text summary of the content on the page that can easily be embedded in a report or your defect tracker.
- Email Summary: that same summary, but embeddable in a plain text email that can be sent to an engineer or your defect tracker.
- Download CSV: exports a full comma separated value list of all data shown on the active table in the view, preserving any sorting or filtering options used on that page.
A few special notes about the CSV download:
- If you’re in the snapshot view, the CSV is context specific to the currently selected tab…so try it on different tabs!
- While the download preserves any sorting or filtering you’ve done on the page, it will export ALL data matching that sort/filter, not just the one page of data you see on the page. In other words, it’s a full export.
- Where possible, all links exported are share links, meaning they are accessible to users without requiring a login. Share links are a “safe” read-only view into a specific piece of data that are designed to be readily shared with other teams or groups.
- All data is in raw format to provide the largest degree of granularity. So for example, file sizes are always in bytes. (and remember 1 kb = 1024 bytes and not 1,000 bytes so there may be a slight adjustment from what you see in the views).
There’s some rich data to mine in there, and of course we’re always open to feedback on additional information that will help you optimize your site.
Anyway, that’s it for now, stay tuned for more exciting announcements coming soon!