Unit Testing for Security
Customer Challenges And Needs
In a mature development operation, unit testing is part and parcel of the development process. Unit testing, when properly done, produces a high level of confidence that the compilation unit does its job correctly and completely. Because development is normally done in a security vacuum, unit testing for the purpose of security is rarely done. With this offering we will work with a development team to think about security first and how to write tests against compilation units that also test for security. By conceiving and writing unit tests with this in mind, the broader application will inherently become secure.
The CyberQ consultant will work with your application development organization to broaden their thinking to better encompass security concerns. We will also work to understand your application to better understand the security context of your application.
Depending on the DevSecOps maturity of your organization, the consultant will cover the following topics.
- How to integrate secure unit tests into your development pipeline.
- Thinking about unit security
- Testing one concept a time
- Test Completely by writing multiple tests
- Text all inputs for security
- How to implement security unit tests
- Specific examples from your application will be tested if available.
Unit tests always benefit the application by, not only assuring that features are secure when the unit test is written, but it will continue to make sure the unit remains secure as it evolves. This is because the unit tests will be run every time your application is built.