Difference between revisions of "OWASP Secure TDD Project"
Lauren Tabak (talk | contribs) |
Line 60: | Line 60: | ||
TDD favors highly localized (unit testing). As a result you could easily test that:<br> | TDD favors highly localized (unit testing). As a result you could easily test that:<br> | ||
− | GetSafeSQLParam() would correctly guard against SQL injection | + | GetSafeSQLParam() would correctly guard against SQL injection or that SecureZeroMemory() would correctly erase a password from RAM.<br> |
However, it becomes more difficult to verify that all developers have used the correct method in every place that it's required.<br> | However, it becomes more difficult to verify that all developers have used the correct method in every place that it's required.<br> | ||
− | + | Our STDD tool solves this problem, discovering security threats and vulnerabilities in software while writing the code.<br> | |
==Description== | ==Description== | ||
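Review bot: The added sentence "Our STDD tool solves this problem, ..." does not say how the tool closes the gap stated in the line above it, namely verifying that every developer used the correct method in every place it is required. A unit test of GetSafeSQLParam() or SecureZeroMemory() shows that the helper works, not that call sites use it, so the text should name what the tool inspects and at what point in development, or soften "solves" to what it actually checks. The unchanged first line of the hunk also has a misplaced parenthesis: "highly localized (unit testing)" reads better as "highly localized (unit) testing".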
Line 74: | Line 74: | ||
The tests we will be focusing on are prevention against SQL injection and XSS attacks. | The tests we will be focusing on are prevention against SQL injection and XSS attacks. | ||
− | + | The benefits of such a tool will save time, money and keep code safe from security holes. | |
==Licensing== | ==Licensing== |
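Review bot: The added sentence "The benefits of such a tool will save time, money and keep code safe from security holes" has a subject that does not fit its verb (benefits do not save anything) and a non-parallel list. Suggest "Such a tool saves time and money and helps keep code free of security holes". "Safe from security holes" is also broader than the line above it, which scopes the tests to SQL injection and XSS, so the benefit is better stated in those terms.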
Revision as of 04:13, 15 March 2014