You need to be aware of the following security issues when performing load, stress and scalability testing with LoadComplete.
Depending on the connection type, communication between the test engine (LoadComplete or the Remote Agent Service) and the tested web server can be encrypted or not. HTTPS traffic is encrypted, while HTTP traffic is not encrypted. To learn more about testing secured web applications, see Support for HTTPS Applications.
LoadComplete project files store the recorded traffic (scenarios) in an unencrypted form. This concerns both HTTP and HTTPS traffic.
Traffic between LoadComplete and the Remote Agent Service in your local network is not encrypted.
Traffic between the Remote Agent Service and the tested web server can be encrypted depending on the simulated connection type (HTTPS or HTTP, as described above).
LoadComplete stores Amazon account data (the data you specify both in the Amazon Image editor and in the Accounts dialog) in an encrypted form. The data is encrypted by using Windows encryption capabilities.
When starting a load test on a cloud computer, the data is sent to Amazon via HTTPS, that is, the connection is secured.
Traffic between the Remote Agent Service in the cloud and the tested web server can be encrypted depending on the simulated connection type (HTTPS or HTTP, as described above).