Difference between revisions of "OWASP Secure TDD Project" (both revisions by Lauren Tabak; the text below is identical in both, the later revision only drops blank lines)

About TDD
Unlike a unit test, a TDD test is used to drive the design of an application. A TDD test expresses what the application code should do before that code is actually written.

TDD is less about testing and more about designing the code. Unit tests are used to set the expectations for the finished code. When the code is written and passes the tests (the specification), you have code that was designed using tests.

Like unit tests, TDD tests can be used for regression testing: a TDD test tells you immediately whether a change in the code has broken existing application functionality. However, unlike a unit test, a TDD test does not necessarily test one unit of code in isolation.

You can do unit testing without doing test driven development, but you cannot do test driven development without unit tests.

In traditional unit testing, you write the tests after you have written the code.

The test driven development approach is to write the unit test before writing the code.
TDD is not going to protect you from unknown threats. By its very nature, you have to know what you want to test in order to write the test in the first place.

However, STDD helps defend against known threats and helps developers secure their product by reducing and eliminating vulnerabilities in the software before deployment, while staying within the TDD life cycle.

TDD favors highly localized unit tests. As a result you can easily test that GetSafeSQLParam() correctly guards against SQL injection, or that SecureZeroMemory() correctly erases a password from RAM.

However, it is much harder to verify that every developer has used the correct method in every place where it is required.

The STDD tool addresses this problem by discovering security threats and vulnerabilities in the software while the code is being written.
Revision as of 01:40, 15 March 2014
OWASP Secure TDD Project

The OWASP Secure TDD Project allows organizations to integrate security into the Test Driven Development (TDD) lifecycle.

Introduction

About TDD
So how does a TDD test differ from a unit test? Unlike a unit test, a TDD test is used to drive the design of an application. A TDD test is used to express what application code should do before the application code is actually written.
TDD will help as follows:
- Tests can be written to verify a threat. TDD allows a quick turnaround from the moment a threat is discovered to the moment a tested fix is available.
- TDD is not going to protect you from unknown threats. By its very nature, you have to know what you want to test in order to write the test in the first place.
- Because TDD tests are highly localized, you can test that GetSafeSQLParam() correctly guards against SQL injection, or that SecureZeroMemory() correctly erases a password from RAM.

Description

(To be written: a description a few paragraphs long that explains the tool, i.e. the VS add-on, the rules engine and the extensions, and when to use it: before development, once the answers to the business questions, e.g. which user inputs exist, are known.)
The STDD tool is an add-on for Microsoft Visual Studio that runs security test scenarios to help find vulnerabilities, exploits and security bugs in the code while following the TDD life cycle. STDD supports secure coding by auto-generating TDD tests that check the code is not vulnerable to the attacks those tests encode.
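The following is an added illustration, not code from the OWASP Secure TDD Project and not output of the STDD add-on, of what a security requirement looks like when it is written test-first as the passages above describe. It is in C because SecureZeroMemory() is a Win32 C API. The specification comes first: a constructed table of injection payloads that must be rejected, a table of legitimate identifiers that must pass, and a constructed secret that must be gone from memory; then the helpers are written to satisfy it. The names get_safe_sql_param() and secure_zero() are assumptions standing in for the GetSafeSQLParam() and SecureZeroMemory() the page mentions; the allowlist rule (identifier characters only, no leading digit, length cap) is this example's own choice for the one SQL position, an identifier such as an ORDER BY column, that cannot be bound as a parameter.

```c
/* Added example (not part of the OWASP Secure TDD Project): a security
 * requirement expressed as tests before the code that satisfies them.
 * get_safe_sql_param() and secure_zero() are hypothetical stand-ins for
 * the GetSafeSQLParam()/SecureZeroMemory() named on the page. */
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include <ctype.h>

/* ---- Step 1: the specification, written before the helpers --------- */

/* Constructed inputs: user-supplied values destined for a SQL identifier
 * position (e.g. the column named in ORDER BY), where binding is impossible. */
static const char *const kRejected[] = {
    "name; DROP TABLE users--",   /* stacked statement */
    "name' OR '1'='1",            /* quote break-out */
    "name/**/UNION/**/SELECT",    /* comment-based obfuscation */
    "",                           /* empty identifier */
    "1abc",                       /* identifier may not start with a digit */
    "a_very_long_identifier_that_exceeds_the_limit_we_allow_in_this_api",
};
static const char *const kAccepted[] = { "created_at", "user_id", "Name2" };

/* ---- Step 2: the code written to make the specification pass -------- */

#define MAX_IDENT 32

/* Allowlist validation: only [A-Za-z0-9_], no leading digit, 1..MAX_IDENT
 * characters. Returns 1 and copies into out on success, 0 (out untouched)
 * otherwise. Data values, as opposed to identifiers, must be bound with
 * parameterized queries instead of passing through a helper like this. */
int get_safe_sql_param(const char *in, char *out, size_t outlen)
{
    size_t n = strlen(in);
    if (n == 0 || n > MAX_IDENT || n >= outlen) return 0;
    if (isdigit((unsigned char)in[0])) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)in[i];
        if (!(isalnum(c) || c == '_')) return 0;
    }
    memcpy(out, in, n + 1);
    return 1;
}

/* Zeroing through a volatile pointer so the compiler cannot treat the
 * stores as dead and drop them, which it may do with a plain memset() on a
 * buffer that is never read again (the reason SecureZeroMemory exists). */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* ---- Step 3: run the specification; returns the number of failures ---- */
int run_security_tests(void)
{
    int failures = 0;
    char out[MAX_IDENT + 1];

    for (size_t i = 0; i < sizeof kRejected / sizeof kRejected[0]; i++)
        if (get_safe_sql_param(kRejected[i], out, sizeof out)) {
            printf("FAIL: accepted injection payload \"%s\"\n", kRejected[i]);
            failures++;
        }
    for (size_t i = 0; i < sizeof kAccepted / sizeof kAccepted[0]; i++)
        if (!get_safe_sql_param(kAccepted[i], out, sizeof out) ||
            strcmp(out, kAccepted[i]) != 0) {
            printf("FAIL: rejected legitimate identifier \"%s\"\n", kAccepted[i]);
            failures++;
        }

    char password[] = "hunter2";          /* constructed secret */
    secure_zero(password, sizeof password);
    for (size_t i = 0; i < sizeof password; i++)
        if (password[i] != 0) { failures++; break; }

    return failures;
}

int main(void)
{
    int f = run_security_tests();
    printf("%d failing security check(s)\n", f);
    return f ? 1 : 0;
}
```

The block shows both sides of the point made above: the tests prove that the two helpers behave as the threat requires, and they do so quickly whenever a new payload is added to the table, but nothing in them proves that every call site in a real code base routes user input through get_safe_sql_param() or wipes secrets with secure_zero(). That call-site gap is exactly what the page says the STDD tool is meant to close.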
Licensing

The OWASP Secure TDD Project is free to use. It is licensed under the Apache 2.0 License.
What is the OWASP Secure TDD Project?

The OWASP Secure TDD Project provides:
Presentation: OWASP IL, October 2013 [1]
Project Leader: Nir Valtman
Related Projects
Quick Download
News and Events
In Print: This project can be purchased as a print on demand book from Lulu.com
Classifications
Volunteers
The OWASP Secure TDD Project is developed by a worldwide team of volunteers. The primary contributors to date have been:
- Lauren Tabak
- Niran Yadai
- Tal Darsan
- Ofir Melinger
- Kobi Barzilay
As of March 2014, the priorities are:
- xxx
- xxx
- xxx
Involvement in the development and promotion of the OWASP Secure TDD Project is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
- xxx
- xxx
PROJECT INFO: What does this OWASP project offer you?
RELEASE(S) INFO: What releases are available for this project?