This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Secure TDD Project"
Lauren Tabak (talk | contribs) |
Lauren Tabak (talk | contribs) |
||
Line 73: | Line 73: | ||
==Installation Guide== | ==Installation Guide== | ||
+ | <u>Requirements:</u> | ||
+ | 1. Microsoft Visual-Studio 2013 SDK (http://www.microsoft.com/en-us/download/details.aspx?id=40758) | ||
+ | 2. Microsoft Visual-Studio 2013 and above | ||
+ | |||
+ | <u>Setup:</u> | ||
1. Download the installer file from: [link] (MD5: fb3acea9c9943e37f88ff28fcdeb22d0) | 1. Download the installer file from: [link] (MD5: fb3acea9c9943e37f88ff28fcdeb22d0) | ||
− | |||
2. Select destination folder | 2. Select destination folder | ||
− | + | 3. Select the product you want to install (Microsoft Visual-Studio 2013 and above) | |
− | 3. Select the product you want to install (Visual-Studio 2013 and above) | ||
− | |||
4. Launch Visual-Studio, click on Tools > Secure TDD Wizard | 4. Launch Visual-Studio, click on Tools > Secure TDD Wizard | ||
Revision as of 19:35, 1 June 2014
OWASP Secure TDD ProjectThe OWASP Secure TDD Project allows organizations to integrate security into the Test Driven Development (TDD) lifecycle. IntroductionAbout TDD
So how does a TDD test differ from a unit test? Unlike a unit test, a TDD test is used to drive the design of an application. A TDD test is used to express what application code should do before the application code is actually written.
- Tests can be written to verify the threat. Basically TDD assists in allowing a quick turnaround time from when a threat is discovered to when a solution becomes available. TDD is not going to protect you from unknown threats. By its very nature, you have to know what you want to test in order to write the test in the first place. GetSafeSQLParam() would correctly guard against SQL injection or that SecureZeroMemory() would correctly erase a password from RAM. DescriptionSTDD is a tool that will ensure secure coding using an Add-On for Microsoft Visual Studio, by creating auto generated STDD tests, assisting us to find vulnerabilities, exploits and security bugs inside the code while using the TDD life cycle. The tests we will be focusing on are prevention against SQL injection and XSS attacks. The benefits of such a tool will save time, money and keep code safe from security vulnerabilities.
Installation GuideRequirements: 1. Microsoft Visual-Studio 2013 SDK (http://www.microsoft.com/en-us/download/details.aspx?id=40758) 2. Microsoft Visual-Studio 2013 and above Setup: 1. Download the installer file from: [link] (MD5: fb3acea9c9943e37f88ff28fcdeb22d0) 2. Select destination folder 3. Select the product you want to install (Microsoft Visual-Studio 2013 and above) 4. Launch Visual-Studio, click on Tools > Secure TDD Wizard
LicensingThe OWASP Secure TDD Project is free to use. It is licensed under the Apache 2.0 License.
|
What is the OWASP Secure TDD Project?The OWASP Secure TDD Project provides:
PresentationOWASP IL October 2013[1]
Project LeaderNir Valtman
Related Projects
|
Quick Download
News and Events
In PrintThis project can be purchased as a print on demand book from Lulu.com
Classifications |
- What is Secure STDD?
- Secure Test Driven Development (STDD) will help us Defend against existing threats and help developers secure their product by reducing and eliminating vulnerabilities in software before deployment while using the TDD life cycle.
- How to benefit from STDD?
- The benefits of such a tool will save time, money and keep code safe from security vulnerabilities. This tool does not require a thorough understanding of the possible Security threats thus making it easier for the Programmer to generate such Security tests.
STDD tests also guide you to testable code, promoting smaller methods, shorter parameter lists, and overall much simpler design than other methodologies lead you to.
- How to install the STDD tool?
- How to use the STDD tool?
- (link to description page)
Volunteers
The OWASP Secure TDD Project is developed by a worldwide team of volunteers. The primary contributors to date have been:
- Lauren Tabak
- Niran Yadai
- Tal Darsan
- Ofir Melinger
- Kobi Barzilay
As of March 2014, the priorities are:
- Visual Studio Add-On
- Configuration test support
- SQLi and XSS Security tests
Involvement in the development and promotion of the OWASP Secure TDD Project is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
- Additional Security tests
PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|