This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Secure TDD Project"

From OWASP
Jump to: navigation, search
Line 57: Line 57:
  
  
 +
 +
TDD will help as follows:
 +
 +
TDD is not going to protect you from unknown threats. By its very nature, you have to know what you want to test in order to write the test in the first place.<br>
 +
 +
However, STDD will help us Defend against existing threat and help developers secure their product by reducing and eliminating vulnerabilities in software before deployment.<br>
  
 
==Description==
 
==Description==
Line 63: Line 69:
 
Explain about the tool - VS add-on, rules engine and extensions.
 
Explain about the tool - VS add-on, rules engine and extensions.
 
Explain when to use the tool - before development and when knowing the answers to business questions, e.g. user inputs
 
Explain when to use the tool - before development and when knowing the answers to business questions, e.g. user inputs
 +
 +
 +
STDD tool is an Add-On for Microsoft Visual Studio, which will conduct security test scenarios, assisting us to find vulnerabilities, exploits and security bugs inside the code while using the TDD life cycle.
 +
  
  

Revision as of 19:37, 13 March 2014

OWASP Project Header.jpg

OWASP Secure TDD Project

The OWASP Secure TDD Project allows organizations to integrate security into the Test Driven Development (TDD) lifecycle.
When utilizing TDD, it is important to clarify to the developers that this process will change the way they think, since they need to cover all tests prior development, which is different from the unit testing approach.
The OWASP Secure TDD Project contains an open source tool written for .NET developers in order to allow generation of the most common tests out of the box and enable developers to consciously improve the project by developing additional tests or extensions.

Introduction

About TDD


TDD is about writing a test which will fail, then writing the minimum amount of code required to make it run, then refactoring the code to make it clean.
This is done in cycles, fail -> pass -> refactor, adding a new test for each known requirement for the code.

A TDD test expresses the task of the application functionality that needs to be implemented next and the criterion for success.

TDD is not about testing. TDD uses tests to drive the design of the code.

This can be done with unit tests, functional tests and acceptance tests. Usually, all three are used.

The tests tell you what to do, what to do next and when you are done. They tell you what the API is going to be, what the design is.

The tests permit you to refactor safely, ensuring that the desired behavior continues to work while you adjust your design. The tests also guide you to testable code, promoting smaller methods, shorter parameter lists, and overall much simpler design than other methodologies lead you to.


Difference between TDD and Unit Tests


Unit Testing is about testing individual units of behavior. An individual unit of behavior is the smallest possible unit of behavior that can be individually tested in isolation.

You can write unit tests before you write your code, after you write your code or while you write your code.

So how does a TDD test differ from a unit test?

Unlike a unit test, a TDD test is used to drive the design of an application. A TDD test is used to express what application code should do before the application code is actually written.

TDD is less about testing, and more about designing the code. Unit tests are then used to set the expectations for the end code.
When the end code is written, and passes tests (specifications), you have a code that was designed using tests.

Like unit tests, TDD tests can be used for regression testing. You can use TDD tests to immediately determine whether a change in code has broken existing application functionality. However, unlike a unit test, a TDD test does not necessarily test one unit of code in isolation.

You can do unit testing without doing test driven development. However you can't do test driven development without using unit tests.

When you do traditional unit testing, you write test after you wrote your code.

Test driven development approach is to write unit test before writing code.


How do we solve the problem by implementing STDD?


TDD will help as follows:

TDD is not going to protect you from unknown threats. By its very nature, you have to know what you want to test in order to write the test in the first place.

However, STDD will help us Defend against existing threat and help developers secure their product by reducing and eliminating vulnerabilities in software before deployment.

Description

Write a description that is just a few paragraphs long Explain about the tool - VS add-on, rules engine and extensions. Explain when to use the tool - before development and when knowing the answers to business questions, e.g. user inputs


STDD tool is an Add-On for Microsoft Visual Studio, which will conduct security test scenarios, assisting us to find vulnerabilities, exploits and security bugs inside the code while using the TDD life cycle.


Licensing

The OWASP Secure TDD Project is free to use. It is licensed under the Apache 2.0 License.


What is the OWASP Secure TDD Project?

The OWASP Secure TDD Project provides:

  • xxx
  • xxx


Presentation

OWASP IL October 2013[1]



Project Leader

Nir Valtman


Related Projects

Quick Download

  • Link to page/download


News and Events

  • [20 Nov 2013] News 2
  • [30 Sep 2013] News 1


In Print

This project can be purchased as a print on demand book from Lulu.com


Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files TOOL.jpg

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Secure_TDD_Project&oldid=170053"