1 post • joined 29 May 2008
"Using test-driven development is excellent for security. By defining a suite of security test cases before development starts, the team is much more likely to include the right controls and use them properly."
Great concept in theory, but really hard to implement in practice: how to develop "negative" tests needed in security? Can you really test that your code is not exploitable?
Of course, you can implement obvious tests, like "if you enter a wrong username/password the access is denied" or even some elementary tests against XSS and SQL Injection, but how to test crypto-strength, session management, denial of service, race conditions, just to name a few?
- Product round-up Ten excellent FREE PC apps to brighten your Windows
- Review Tough Banana Pi: a Raspberry Pi for colour-blind diehards
- Analysis Pity the poor Windows developer: The tools for desktop development are in disarray
- Product round-up Ten Mac freeware apps for your new Apple baby
- Chromecast video on UK, Euro TVs hertz so badly it makes us judder – but Google 'won't fix'