Trusted System Boundaries

November 02, 2022

Trusted System Boundaries

From a short lunch-and-learn session at ConstructConnect: A discussion on why it's important for testers to understand trust boundaries in the systems we work with.

Input processing is complex and expensive. We can't (and shouldn't) do that in every single part of a system, so it's critical to work with developers/architects to create and understand system boundaries. This makes our testing much more effective as we know where to concentrate our efforts.

This L&L session was interactive, so I posed a bunch of questions to get responses, then guided some discussion around what trust boundaries might look like.

Jim Holmes

November 02, 2022

More Decks by Jim Holmes

See All by Jim Holmes

Adapting to Change in Software Delivery

jimholmes

Public_Speaking.pdf

jimholmes

What's Worse? Zombies or Brittle UI Tests?

jimholmes

Odd Parallels Between Weightlifting and Software Delivery

jimholmes

Is Quality The Bottleneck?

jimholmes

Don't Fear Leadership

jimholmes

Intro To TDD

jimholmes

Honor Flight #20 (Bay Area) Recap

jimholmes

Coding for Non-Coders workshop

jimholmes

Other Decks in Programming

See All in Programming

From Subtype Polymorphism To Typeclass-based Ad hoc Polymorphism- An Example

philipschwarz

PRO

190

Java ジェネリクス入門 2024

nagise

680

現場で役立つモデリング　超入門

masuda220

PRO

3.1k

NSOutlineView何もわからん:( 前編 / I Don't Understand About NSOutlineView :( Pt. 1

usagimaru

270

カラム追加で増えるActiveRecordのメモリサイズイメージできますか?

asayamakk

1.9k

破壊せよ！データ破壊駆動で考えるドメインモデリング / data-destroy-driven

minodriven

4.3k

Modern Angular: Renovation for Your Applications

manfredsteyer

PRO

240

とにかくAWS GameDay！AWSは世界の共通言語！ / Anyway, AWS GameDay! AWS is the world's lingua franca!

seike460

PRO

770

推し活のハイトラフィックに立ち向かう Railsとアーキテクチャ - Kaigi on Rails 2024

falcon8823

2.6k

僕がつくった48個のWebサービス達

yusukebe

17k

JaSST 24 九州：ワークショップ(は除く)実践！マインドマップを活用したソフトウェアテスト＋活用事例

satohiroyuki

320

ふかぼれ！CSSセレクターモジュール / Fukabore! CSS Selectors Module

petamoriken

120

Featured

See All Featured

Music & Morning Musume

bryan

6.2k

The Art of Programming - Codeland 2020

erikaheidi

13k

How To Stay Up To Date on Web Technology

chriscoyier

788

250k

What's in a price? How to price your products and services

michaelherold

243

12k

Easily Structure & Communicate Ideas using Wireframe

afnizarnur

191

16k

Adopting Sorbet at Scale

ufuk

9.1k

Fashionably flexible responsive web design (full day workshop)

malarkey

404

65k

Become a Pro

speakerdeck

PRO

CSS Pre-Processors: Stylus, Less & Sass

bermonpainter

356

29k

Code Review Best Practice

trishagee

17k

Statistics for Hackers

jakevdp

796

220k

How STYLIGHT went responsive

nonsquared

5.2k

Transcript

Trusted System Boundaries Learn On the Go 11/2/2022
None
What Do We Test for Input? Responses: • Is the
item in the catalog • JS injection / other malicious eg sql injection • Cookies and token—auth • Boundary failures • Authenticity—is correct input in correct field? (cross-wire fields) • Correct character set (Latin-1, e.g.) • Rejecting binary input in text • Max/min length (also a boundary) • Blanks or zero (no input given)
What’s involved in building safe code and testing it? Responses:
• Build protection into code • Cross-browser support • Design impact (both UI and system) • Complexity, effort • Toolsets, frameworks, and libraries
System Diagram in Miro
None
API Application Endpoints / Services Data Access Layer (DAL) Business
Logic
API Application Endpoints / Services Data Access Layer (DAL) Business
Logic Controller Routing Model
What do we need to work with these boundaries? Responses:
• Do we know the critical flows? What APIs are called for what reasons? • Clarity of each APIs params, etc. • What each field means • Each field’s limits/boundaries and data types • Auth