1 post • joined Thursday 29th May 2008 14:58 GMT
"Using test-driven development is excellent for security. By defining a suite of security test cases before development starts, the team is much more likely to include the right controls and use them properly."
Great concept in theory, but really hard to implement in practice: how to develop "negative" tests needed in security? Can you really test that your code is not exploitable?
Of course, you can implement obvious tests, like "if you enter a wrong username/password the access is denied" or even some elementary tests against XSS and SQL Injection, but how to test crypto-strength, session management, denial of service, race conditions, just to name a few?
- It's true, the START MENU is coming BACK to Windows 8, hiss sources
- Xmas Round-up Ten top tech toys to interface with a techie’s Christmas stocking
- How UK air traffic control system was caught asleep on the job
- Pic NASA Mars tank Curiosity rolls on old WET PATCH, sighs, sniffs for life signs
- Google embiggens its fat vid pipe Chromecast with TEN new supported apps