Testing tools compatible to be on ICP

I am currently working on a project using Internet Computer (ICP) and am in the process of preparing for extensive testing. I have identified a few critical areas of testing that are essential for my project. However, I am looking for recommendations on testing tools that would be suitable for each of these areas within the ICP ecosystem.

Stress Testing

• Objective: To determine the system’s behavior under heavy loads, including handling significant data processing and simultaneous user requests.
• Questions:
  • Are there ICP-specific tools or best practices for stress testing canisters or the network?
  • How can we simulate extremely high traffic or data-intensive operations?

Penetration Testing

• Objective: To assess the security of the application and identify vulnerabilities by simulating potential attacks.
• Questions:
  • What are the recommended security tools or frameworks for penetration testing in the ICP environment?
  • Are there any resources or services specific to the Internet Computer network for identifying vulnerabilities in smart contracts?

To simulate a lot of load you can run dfx start with --artificial-delay 500 to get a realistic block speed locally. You can then send requests to it in parallel. If you make the delay higher you can simulate higher ingress load as far as you want.

For data intensive operations I’d suggest using PocketIC in unit tests where you first load the system with a lot of data. Execution limits are pretty decent, but I still think it’s not too hard to hit the limits in a test setup. If you want to benchmark specifically (less for load testing, but still related) then have a look at canbench.

For pentesting I don’t have much that I can recommend. We have very extensive security best practices documentation, but not really tools to automatically check for them. At DFINITY we mostly rely on in-depth code reviews.