1 post • joined 29 May 2008
"Using test-driven development is excellent for security. By defining a suite of security test cases before development starts, the team is much more likely to include the right controls and use them properly."
Great concept in theory, but really hard to implement in practice: how to develop "negative" tests needed in security? Can you really test that your code is not exploitable?
Of course, you can implement obvious tests, like "if you enter a wrong username/password the access is denied" or even some elementary tests against XSS and SQL Injection, but how to test crypto-strength, session management, denial of service, race conditions, just to name a few?
- Pic Mars rover 2020: Oxygen generation and 6 more amazing experiments
- Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
- Boffins spot weirder quantum capers as neutrons take the high road, spin takes the low
- Plug and PREY: Hackers reprogram USB drives to silently infect PCs
- Review Fiat Panda Cross: 'Interesting-looking' Multipla spawn hits UK