I recently created a big portal site. It's time for putting it to test.
How do you guys test a site rigorously?
What are the ways and tools for that?
Can we sort of mimic hundreds of virtual users visiting the site to see its load handling?
The test should be for both security and speed
If this is just supposed to be a Stress Test, try http://freshmeat.net/projects/siege/
Siege is a regression test and benchmark utility. It can stress test a single URL with a user defined number of simulated users, or it can read many URLs into memory and stress them simultaneously. The program reports the total number of hits recorded, bytes transferred, response time, concurrency, and return status. Siege supports HTTP/1.0 and 1.1 protocols, GET and POST directives, cookies, transaction logging, and basic authentication. Its features are configurable on a per user basis.
ab is a tool for benchmarking the performance of your Apache HyperText Transfer Protocol (HTTP) server. It does this by giving you an indication of how many requests per second your Apache installation can serve.
For security tests, I strongly suggest to buy an audit and leave that to dedicated experts. There is just too many possible attack vectors that go beyond your app code.