6.2. Good General Practices

Testing is a complete software engineering discipline in its own right. Volumes have been written about test scaffolds, regression testing, and the other techniques software engineers routinely employ to produce consistent results. This book isn't the place for that discussion—we list a few suggestions in Appendix A—but we do have a few general recommendations:

Perform automated testing

We advise you to automate your testing procedures as much as possible. As Brian W. Kernighan and Rob Pike explain in The Practice of Programming:

It's tedious and unreliable to do much testing by hand; proper testing involves lots of tests, lots of inputs, and lots of comparisons of outputs. Testing should therefore be done by programs, which don't get tired or careless.

The best kind of automation, of course, would allow you to test your software against newly discovered vulnerabilities without modifying your test bed or procedures and without hand-coding new test cases. Luckily, some available testing tools achieve at least part of this dream. We'll point them out as we go along.

Test at every stage

Experience has taught us that it's important to test our software at every stage of the development cycle. This approach enhances not only the security of the software, but also the usability, reliability, and effectiveness of the application.

Make a test plan

An integral part of the software development process is the development of a test plan. This plan should be ...
