When we talk about website security in this day and age it’s typically accompanied with a question like "who has anonymously hacked this time?” frequently proving that no one is safe if you have annoyed the wrong people. Combine this with high profile security breaches of companies like Sony and Valves digital distribution platform ‘Steam’ and its clear the internet is a dangerous place.
The majority of attacks focus on a DDoS (Distributed Denial of Service) which in essence leaves users unable to access the website. This is done by flooding the target with excessive requests to the point where the server can no longer handle the strain. This is a popular method of attack because the Botnets required to execute one can be rented cheaply or with a little more effort created through infecting other networks.
With so much to worry about in the form of malicious users you think companies would do their best to ensure legitimate users from doing the same. Personally I have experienced this 3 times in the last year and I’m sure there are plenty more examples out there. Let me shed a little more light on these experiences:
1. HP Fire Sale – When HP announced that they were going to be selling their TouchPad for £89 the online community went crazy. Each time a new retailer announced its price had dropped chances are that minutes later the website would be struggling with load (in the best of cases) or completely stopped responding (in the worst). I saw this take down some online giants likes Dabs and Currys as well as an extensive list of small independent retailers.
2. The Ebuyer £1 sale – In an effort to shift a load of old stock Ebuyer decided to sell a bunch of items for £1; however their server capacity was not prepared for the huge increase in traffic. This resulted with the website being unusable for the majority of the day meaning that not only the people there for the sale but regular everyday users were unable to complete any transactions.
3. Apple iPhone 4S pre orders – Probably the least serious of the bunch but still worth a mention. On the day the iPhone 4S was announced the ordering system was slowed to a snail’s pace as over a million people placed pre-orders. Personally it took me around 30 minutes to complete what should have been a 5 minute process; this in turn slowed down the rest of Apples site as well.
Apple for one certainly must have learnt from their mistakes following the previous years release of the iPhone 4 where they had to stop accepting preorders at 9am due to a ‘Computer Glitch’.
While it’s difficult to predict exactly how much extra capacity would be needed for such events perhaps with a little foresight and more load testing these problems could have been recognised earlier and defensive measures put in place.
Craig Pilgrim is a Software Tester at Lightspeed IT Solutions. Testing Circle would like to thank Craig for his contribution as a guest blogger!
The majority of attacks focus on a DDoS (Distributed Denial of Service) which in essence leaves users unable to access the website. This is done by flooding the target with excessive requests to the point where the server can no longer handle the strain. This is a popular method of attack because the Botnets required to execute one can be rented cheaply or with a little more effort created through infecting other networks.
With so much to worry about in the form of malicious users you think companies would do their best to ensure legitimate users from doing the same. Personally I have experienced this 3 times in the last year and I’m sure there are plenty more examples out there. Let me shed a little more light on these experiences:
1. HP Fire Sale – When HP announced that they were going to be selling their TouchPad for £89 the online community went crazy. Each time a new retailer announced its price had dropped chances are that minutes later the website would be struggling with load (in the best of cases) or completely stopped responding (in the worst). I saw this take down some online giants likes Dabs and Currys as well as an extensive list of small independent retailers.
2. The Ebuyer £1 sale – In an effort to shift a load of old stock Ebuyer decided to sell a bunch of items for £1; however their server capacity was not prepared for the huge increase in traffic. This resulted with the website being unusable for the majority of the day meaning that not only the people there for the sale but regular everyday users were unable to complete any transactions.
3. Apple iPhone 4S pre orders – Probably the least serious of the bunch but still worth a mention. On the day the iPhone 4S was announced the ordering system was slowed to a snail’s pace as over a million people placed pre-orders. Personally it took me around 30 minutes to complete what should have been a 5 minute process; this in turn slowed down the rest of Apples site as well.
Apple for one certainly must have learnt from their mistakes following the previous years release of the iPhone 4 where they had to stop accepting preorders at 9am due to a ‘Computer Glitch’.
While it’s difficult to predict exactly how much extra capacity would be needed for such events perhaps with a little foresight and more load testing these problems could have been recognised earlier and defensive measures put in place.
Craig Pilgrim is a Software Tester at Lightspeed IT Solutions. Testing Circle would like to thank Craig for his contribution as a guest blogger!
RSS Feed