SlideShare ist ein Scribd-Unternehmen logo

Security Testing

Kiran Kumar
Kiran Kumar

Learn More about Security Testing

TechnologieNews & Politik
1 von 36
Security Testing through Automated Software Tests Stephen de Vries, Principal Consultant, Corsaire [email_address]
[object Object],Typical Iterative development life cycle ,[object Object],[object Object],[object Object]
Typical Iterative development life cycle
Typical Iterative development life cycle ,[object Object],[object Object],[object Object],[object Object]
Outline ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Use cases and Abuse cases ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Taxonomy of Automated Software Tests ,[object Object],[object Object],[object Object]
Taxonomy of Automated Software Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Taxonomy of Automated Software Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Taxonomy of Automated Software Tests ,[object Object],[object Object],[object Object],[object Object],[object Object]
Introducing JUnit ,[object Object],[object Object]
Introducing JUnit ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Introducing JUnit ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Introducing JUnit public class CartTest extends TestCase { public CartTest(String testName) { super(testName); } protected void setUp() throws Exception { //Code here will be executed before every testXXX method } protected void tearDown() throws Exception { //Code here will be executed after every testXXX method } public void testNewCartHasZeroItems() { // Test code goes here } public void testAddSingleItem() { // Test code goes here } public void testAddTwoItems() { // Test code goes here } public void testAddNullItem() { // Test code goes here } }
Introducing JUnit public void testAddTwoItems() { Cart instance = new Cart(); boolean isInStock = true; //First add an item Item item = new Item(); item.setItemId("item01"); instance.addItem(item, isInStock); //Test adding a second item Item item2 = new Item(); item2.setItemId("item02"); instance.addItem(item2, isInStock); //Check whether item01 is in the cart boolean result = instance.containsItemId("item01"); assertTrue("First item is in cart", result); //Check whether item02 is in the cart result = instance.containsItemId("item02"); assertTrue("Second item is in cart", result); //Check that there are 2 items in the cart assertEquals("2 items in cart", instance.getNumberOfItems(), 2); } USE CASE TEst
Introducing JUnit ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],ABUSE CASE TEST
Introducing JUnit ,[object Object],[object Object],[object Object],[object Object]
Introducing JUnit ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Web Application Security Standards ,[object Object],[object Object],[object Object],[object Object],[object Object]
Web Application Security Standards Example:
Web Application Security Standard
Testing Security in Unit Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Testing Security in Unit Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Testing Security in Unit Tests ,[object Object],[object Object],[object Object],[object Object],[object Object]
Testing Security in Integration Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Testing Security in Integration Tests ,[object Object],[object Object],[object Object],[object Object]
Testing Security in Integration Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Testing Security in Integration Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Testing Security in Integration Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Security Testing in Acceptance Tests ,[object Object],[object Object],[object Object],[object Object],[object Object]
Security Testing in Acceptance Tests ,[object Object],public class XSSinSearchFieldTest extends WebTestCase { public void setUp() throws Exception { getTestContext().setBaseUrl(&quot;http://example.corsaire.com/ispatula/&quot;); } public void testHtmlInjection() throws Exception { beginAt(&quot;/index.html&quot;); assertLinkPresentWithText(&quot;Enter the Store&quot;); clickLinkWithText(&quot;Enter the Store&quot;); assertFormPresent(&quot;searchForm&quot;); setFormElement(&quot;query&quot;, &quot;<a id=amp;quot;injectionamp;quot; href=amp;quot;http://www.google.com>Injection</a>&quot;); submit(); assertLinkNotPresent(&quot;injection&quot;); } public XSSinSearchFieldTest(String name) { super(name); } }
Security Testing in Acceptance Tests
Security Testing in Acceptance Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Security Testing in Acceptance Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Security Testing in Acceptance Tests ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Conclusions ,[object Object],[object Object],[object Object],[object Object],[object Object]

Empfohlen

Security testing presentation
Security testing presentationSecurity testing presentation
Security testing presentationConfiz
 
Security testing
Security testingSecurity testing
Security testingRihab Chebbah
 
Introduction to Security Testing
Introduction to Security TestingIntroduction to Security Testing
Introduction to Security TestingvodQA
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?ONE BCG
 
Security testing
Security testingSecurity testing
Security testingTabăra de Testare
 
Security testing
Security testingSecurity testing
Security testingbaskar p
 
Security Testing
Security TestingSecurity Testing
Security TestingQualitest
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security TestingMarco Morana
 

Empfohlen

Security testing presentation
Security testing presentationSecurity testing presentation
Security testing presentationConfiz
 
Security testing
Security testingSecurity testing
Security testingRihab Chebbah
 
Introduction to Security Testing
Introduction to Security TestingIntroduction to Security Testing
Introduction to Security TestingvodQA
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?ONE BCG
 
Security testing
Security testingSecurity testing
Security testingTabăra de Testare
 
Security testing
Security testingSecurity testing
Security testingbaskar p
 
Security Testing
Security TestingSecurity Testing
Security TestingQualitest
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security TestingMarco Morana
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & TestingDeepu S Nath
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Security testing
Security testingSecurity testing
Security testingKhizra Sammad
 
Security testing fundamentals
Security testing fundamentalsSecurity testing fundamentals
Security testing fundamentalsCygnet Infotech
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing Priyanka Aash
 
Security Testing for Web Application
Security Testing for Web ApplicationSecurity Testing for Web Application
Security Testing for Web ApplicationPrecise Testing Solution
 
Testing
TestingTesting
TestingSonali Chauhan
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingNetsparker
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
powerpoint template for testing training
powerpoint template for testing trainingpowerpoint template for testing training
powerpoint template for testing trainingJohn Roddy
 
Security Testing.pptx
Security Testing.pptxSecurity Testing.pptx
Security Testing.pptxosandadeshan
 
Types of Software Testing | Edureka
Types of Software Testing | EdurekaTypes of Software Testing | Edureka
Types of Software Testing | EdurekaEdureka!
 
Software testing
Software testingSoftware testing
Software testingOmar Al-Bokari
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
System hacking
System hackingSystem hacking
System hackingCAS
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With ExamplesAlwin Thayyil
 
Security-testing presentation
Security-testing presentationSecurity-testing presentation
Security-testing presentationEzhilan Elangovan (Eril)
 

Weitere ähnliche Inhalte

Was ist angesagt?

Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & TestingDeepu S Nath
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Security testing fundamentals
Security testing fundamentalsSecurity testing fundamentals
Security testing fundamentalsCygnet Infotech
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing Priyanka Aash
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingNetsparker
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
powerpoint template for testing training
powerpoint template for testing trainingpowerpoint template for testing training
powerpoint template for testing trainingJohn Roddy
 
Security Testing.pptx
Security Testing.pptxSecurity Testing.pptx
Security Testing.pptxosandadeshan
 
Types of Software Testing | Edureka
Types of Software Testing | EdurekaTypes of Software Testing | Edureka
Types of Software Testing | EdurekaEdureka!
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
System hacking
System hackingSystem hacking
System hackingCAS
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 

Was ist angesagt? (20)

Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & Testing
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Security testing
Security testingSecurity testing
Security testing
 
Security testing fundamentals
Security testing fundamentalsSecurity testing fundamentals
Security testing fundamentals
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
 
Security Testing for Web Application
Security Testing for Web ApplicationSecurity Testing for Web Application
Security Testing for Web Application
 
Testing
TestingTesting
Testing
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
 
powerpoint template for testing training
powerpoint template for testing trainingpowerpoint template for testing training
powerpoint template for testing training
 
Security Testing.pptx
Security Testing.pptxSecurity Testing.pptx
Security Testing.pptx
 
Types of Software Testing | Edureka
Types of Software Testing | EdurekaTypes of Software Testing | Edureka
Types of Software Testing | Edureka
 
Software testing
Software testingSoftware testing
Software testing
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
System hacking
System hackingSystem hacking
System hacking
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 

Andere mochten auch

Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With ExamplesAlwin Thayyil
 
Explore Security Testing
Explore Security TestingExplore Security Testing
Explore Security Testingshwetaupadhyay
 
Introduction to security testing
Introduction to security testingIntroduction to security testing
Introduction to security testingNagasahas DS
 
Web Security
Web SecurityWeb Security
Web SecurityTripad M
 
ANALYSIS OF SOFTWARE SECURITY TESTING TECHNIQUES IN CLOUD COMPUTING
ANALYSIS OF SOFTWARE SECURITY TESTING TECHNIQUES IN CLOUD COMPUTINGANALYSIS OF SOFTWARE SECURITY TESTING TECHNIQUES IN CLOUD COMPUTING
ANALYSIS OF SOFTWARE SECURITY TESTING TECHNIQUES IN CLOUD COMPUTINGEditor IJMTER
 
Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1robin_bene
 
Portfolio
PortfolioPortfolio
Portfoliophpworm
 
Requirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing LabRequirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing LabSyed Ubaid Ali Jafri
 
Web security: concepts and tools used by attackers
Web security: concepts and tools used by attackersWeb security: concepts and tools used by attackers
Web security: concepts and tools used by attackerstomasperezv
 
Software Security Testing
Software Security TestingSoftware Security Testing
Software Security Testingankitmehta21
 

Andere mochten auch (15)

Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With Examples
 
Security-testing presentation
Security-testing presentationSecurity-testing presentation
Security-testing presentation
 
Explore Security Testing
Explore Security TestingExplore Security Testing
Explore Security Testing
 
Introduction to security testing
Introduction to security testingIntroduction to security testing
Introduction to security testing
 
Web Security
Web SecurityWeb Security
Web Security
 
Web Security
Web SecurityWeb Security
Web Security
 
Cygnet corporate ppt
Cygnet corporate pptCygnet corporate ppt
Cygnet corporate ppt
 
ANALYSIS OF SOFTWARE SECURITY TESTING TECHNIQUES IN CLOUD COMPUTING
ANALYSIS OF SOFTWARE SECURITY TESTING TECHNIQUES IN CLOUD COMPUTINGANALYSIS OF SOFTWARE SECURITY TESTING TECHNIQUES IN CLOUD COMPUTING
ANALYSIS OF SOFTWARE SECURITY TESTING TECHNIQUES IN CLOUD COMPUTING
 
Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1
 
Software Testing and UML Lab
Software Testing and UML LabSoftware Testing and UML Lab
Software Testing and UML Lab
 
Portfolio
PortfolioPortfolio
Portfolio
 
Requirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing LabRequirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing Lab
 
Security testing ?
Security testing ?Security testing ?
Security testing ?
 
Web security: concepts and tools used by attackers
Web security: concepts and tools used by attackersWeb security: concepts and tools used by attackers
Web security: concepts and tools used by attackers
 
Software Security Testing
Software Security TestingSoftware Security Testing
Software Security Testing
 

Ähnlich wie Security Testing

J unit presentation
J unit presentationJ unit presentation
J unit presentationPriya Sharma
 
Junit4&testng presentation
Junit4&testng presentationJunit4&testng presentation
Junit4&testng presentationSanjib Dhar
 
Unit testing php-unit - phing - selenium_v2
Unit testing php-unit - phing - selenium_v2Unit testing php-unit - phing - selenium_v2
Unit testing php-unit - phing - selenium_v2Tricode (part of Dept)
 
Testes? Mas isso não aumenta o tempo de projecto? Não quero...
Testes? Mas isso não aumenta o tempo de projecto? Não quero...Testes? Mas isso não aumenta o tempo de projecto? Não quero...
Testes? Mas isso não aumenta o tempo de projecto? Não quero...Comunidade NetPonto
 
Grails unit testing
Grails unit testingGrails unit testing
Grails unit testingpleeps
 
Solit 2013, Автоматизация тестирования сложных систем: mixed mode automated t...
Solit 2013, Автоматизация тестирования сложных систем: mixed mode automated t...Solit 2013, Автоматизация тестирования сложных систем: mixed mode automated t...
Solit 2013, Автоматизация тестирования сложных систем: mixed mode automated t...solit
 
Unit Testing on Android - Droidcon Berlin 2015
Unit Testing on Android - Droidcon Berlin 2015Unit Testing on Android - Droidcon Berlin 2015
Unit Testing on Android - Droidcon Berlin 2015Buşra Deniz, CSM
 
The secret unit testing tools no one ever told you about
The secret unit testing tools no one ever told you aboutThe secret unit testing tools no one ever told you about
The secret unit testing tools no one ever told you aboutDror Helper
 
Secret unit testing tools no one ever told you about
Secret unit testing tools no one ever told you aboutSecret unit testing tools no one ever told you about
Secret unit testing tools no one ever told you aboutDror Helper
 
31b - JUnit and Mockito.pdf
31b - JUnit and Mockito.pdf31b - JUnit and Mockito.pdf
31b - JUnit and Mockito.pdfgauravavam
 
1 aleksandr gritsevski - attd example using
1 aleksandr gritsevski - attd example using1 aleksandr gritsevski - attd example using
1 aleksandr gritsevski - attd example usingIevgenii Katsan
 
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...GlobalLogic Ukraine
 
Pragmatic unittestingwithj unit
Pragmatic unittestingwithj unitPragmatic unittestingwithj unit
Pragmatic unittestingwithj unitliminescence
 
Unit Testing - Nakov's Talk @ VarnaConf 2013
Unit Testing - Nakov's Talk @ VarnaConf 2013Unit Testing - Nakov's Talk @ VarnaConf 2013
Unit Testing - Nakov's Talk @ VarnaConf 2013Svetlin Nakov
 
Unit testing by Svetlin Nakov
Unit testing by Svetlin NakovUnit testing by Svetlin Nakov
Unit testing by Svetlin Nakovit-tour
 

Ähnlich wie Security Testing (20)

J unit presentation
J unit presentationJ unit presentation
J unit presentation
 
JUnit Presentation
JUnit PresentationJUnit Presentation
JUnit Presentation
 
Junit4&testng presentation
Junit4&testng presentationJunit4&testng presentation
Junit4&testng presentation
 
Unit testing php-unit - phing - selenium_v2
Unit testing php-unit - phing - selenium_v2Unit testing php-unit - phing - selenium_v2
Unit testing php-unit - phing - selenium_v2
 
Testes? Mas isso não aumenta o tempo de projecto? Não quero...
Testes? Mas isso não aumenta o tempo de projecto? Não quero...Testes? Mas isso não aumenta o tempo de projecto? Não quero...
Testes? Mas isso não aumenta o tempo de projecto? Não quero...
 
Grails unit testing
Grails unit testingGrails unit testing
Grails unit testing
 
Solit 2013, Автоматизация тестирования сложных систем: mixed mode automated t...
Solit 2013, Автоматизация тестирования сложных систем: mixed mode automated t...Solit 2013, Автоматизация тестирования сложных систем: mixed mode automated t...
Solit 2013, Автоматизация тестирования сложных систем: mixed mode automated t...
 
Unit Testing on Android - Droidcon Berlin 2015
Unit Testing on Android - Droidcon Berlin 2015Unit Testing on Android - Droidcon Berlin 2015
Unit Testing on Android - Droidcon Berlin 2015
 
Unit Testing
Unit TestingUnit Testing
Unit Testing
 
The secret unit testing tools no one ever told you about
The secret unit testing tools no one ever told you aboutThe secret unit testing tools no one ever told you about
The secret unit testing tools no one ever told you about
 
J Unit
J UnitJ Unit
J Unit
 
Secret unit testing tools no one ever told you about
Secret unit testing tools no one ever told you aboutSecret unit testing tools no one ever told you about
Secret unit testing tools no one ever told you about
 
Unit testing - A&BP CC
Unit testing - A&BP CCUnit testing - A&BP CC
Unit testing - A&BP CC
 
31b - JUnit and Mockito.pdf
31b - JUnit and Mockito.pdf31b - JUnit and Mockito.pdf
31b - JUnit and Mockito.pdf
 
1 aleksandr gritsevski - attd example using
1 aleksandr gritsevski - attd example using1 aleksandr gritsevski - attd example using
1 aleksandr gritsevski - attd example using
 
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...
 
Pragmatic unittestingwithj unit
Pragmatic unittestingwithj unitPragmatic unittestingwithj unit
Pragmatic unittestingwithj unit
 
Unit testing with JUnit
Unit testing with JUnitUnit testing with JUnit
Unit testing with JUnit
 
Unit Testing - Nakov's Talk @ VarnaConf 2013
Unit Testing - Nakov's Talk @ VarnaConf 2013Unit Testing - Nakov's Talk @ VarnaConf 2013
Unit Testing - Nakov's Talk @ VarnaConf 2013
 
Unit testing by Svetlin Nakov
Unit testing by Svetlin NakovUnit testing by Svetlin Nakov
Unit testing by Svetlin Nakov
 

Mehr von Kiran Kumar

User Interface Standards
User Interface StandardsUser Interface Standards
User Interface StandardsKiran Kumar
 
Banking Overview
Banking OverviewBanking Overview
Banking OverviewKiran Kumar
 
Winrunner Vs QTP
Winrunner Vs QTPWinrunner Vs QTP
Winrunner Vs QTPKiran Kumar
 
Software Testing
Software TestingSoftware Testing
Software TestingKiran Kumar
 
Software Testing
Software TestingSoftware Testing
Software TestingKiran Kumar
 
Software Testing
Software TestingSoftware Testing
Software TestingKiran Kumar
 
Software Testing Techniques
Software Testing TechniquesSoftware Testing Techniques
Software Testing TechniquesKiran Kumar
 
Software Testing Techniques
Software Testing TechniquesSoftware Testing Techniques
Software Testing TechniquesKiran Kumar
 
Testing Fundamentals
Testing FundamentalsTesting Fundamentals
Testing FundamentalsKiran Kumar
 
Quality Assurance
Quality AssuranceQuality Assurance
Quality AssuranceKiran Kumar
 
Software Quality Testing
Software Quality TestingSoftware Quality Testing
Software Quality TestingKiran Kumar
 

Mehr von Kiran Kumar (12)

User Interface Standards
User Interface StandardsUser Interface Standards
User Interface Standards
 
Banking Overview
Banking OverviewBanking Overview
Banking Overview
 
Winrunner Vs QTP
Winrunner Vs QTPWinrunner Vs QTP
Winrunner Vs QTP
 
Software Testing
Software TestingSoftware Testing
Software Testing
 
Software Testing
Software TestingSoftware Testing
Software Testing
 
Software Testing
Software TestingSoftware Testing
Software Testing
 
Testing
TestingTesting
Testing
 
Software Testing Techniques
Software Testing TechniquesSoftware Testing Techniques
Software Testing Techniques
 
Software Testing Techniques
Software Testing TechniquesSoftware Testing Techniques
Software Testing Techniques
 
Testing Fundamentals
Testing FundamentalsTesting Fundamentals
Testing Fundamentals
 
Quality Assurance
Quality AssuranceQuality Assurance
Quality Assurance
 
Software Quality Testing
Software Quality TestingSoftware Quality Testing
Software Quality Testing
 

Kürzlich hochgeladen

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 

Kürzlich hochgeladen (20)

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 

Security Testing

  • 1. Security Testing through Automated Software Tests Stephen de Vries, Principal Consultant, Corsaire [email_address]
  • 2.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14. Introducing JUnit public class CartTest extends TestCase { public CartTest(String testName) { super(testName); } protected void setUp() throws Exception { //Code here will be executed before every testXXX method } protected void tearDown() throws Exception { //Code here will be executed after every testXXX method } public void testNewCartHasZeroItems() { // Test code goes here } public void testAddSingleItem() { // Test code goes here } public void testAddTwoItems() { // Test code goes here } public void testAddNullItem() { // Test code goes here } }
  • 15. Introducing JUnit public void testAddTwoItems() { Cart instance = new Cart(); boolean isInStock = true; //First add an item Item item = new Item(); item.setItemId(&quot;item01&quot;); instance.addItem(item, isInStock); //Test adding a second item Item item2 = new Item(); item2.setItemId(&quot;item02&quot;); instance.addItem(item2, isInStock); //Check whether item01 is in the cart boolean result = instance.containsItemId(&quot;item01&quot;); assertTrue(&quot;First item is in cart&quot;, result); //Check whether item02 is in the cart result = instance.containsItemId(&quot;item02&quot;); assertTrue(&quot;Second item is in cart&quot;, result); //Check that there are 2 items in the cart assertEquals(&quot;2 items in cart&quot;, instance.getNumberOfItems(), 2); } USE CASE TEst
  • 16.
  • 17.
  • 18.
  • 19.
  • 20. Web Application Security Standards Example:
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32. Security Testing in Acceptance Tests
  • 33.
  • 34.
  • 35.
  • 36.