$30 off During Our Annual Pro Sale. View Details »

Trusted System Boundaries

November 02, 2022

48

Trusted System Boundaries

From a short lunch-and-learn session at ConstructConnect: A discussion on why it's important for testers to understand trust boundaries in the systems we work with.

Input processing is complex and expensive. We can't (and shouldn't) do that in every single part of a system, so it's critical to work with developers/architects to create and understand system boundaries. This makes our testing much more effective as we know where to concentrate our efforts.

This L&L session was interactive, so I posed a bunch of questions to get responses, then guided some discussion around what trust boundaries might look like.

Jim Holmes

November 02, 2022

Tweet

More Decks by Jim Holmes

See All by Jim Holmes

Public_Speaking.pdf

What's Worse? Zombies or Brittle UI Tests?

Odd Parallels Between Weightlifting and Software Delivery

Is Quality The Bottleneck?

Don't Fear Leadership

Honor Flight #20 (Bay Area) Recap

Coding for Non-Coders workshop

Four Tips for More Testable UI

Other Decks in Programming

See All in Programming

進化したWeb技術でPWAをネイティブアプリに近づける / frontend-conf-2023

Modern Java for the Masses! Is Java Still Relevant?

未定義動作でFizz Buzz / Undefined Fizz Buzz

Scala Left Fold Parallelisation- Three Approaches

日時処理の新スタンダード: Synchro によるタイムゾーン安全、楽々開発

Next.js App Router での MPA フロントエンド刷新

インターフェースのラッパーを作る際の落とし穴 / Go Conference mini 2023

Introducing Kotlin Multiplatform in an existing mobile app - Workshop Edition | DevFest Berlin 23

Intro to Stateful Services or How to get 1 million RPS from a single node

コードを読みやすくしよう！〜秒で身に付くよい命名〜 (LT) - NIFTY Tech Day 2023

Visually experience the beauty of mathematics with p5.js

ニフティ社内ISUCON開催への道のり - NIFTY Tech Day 2023

Featured

See All Featured

Art Directing for the Web. Five minutes with CSS Template Areas

Raft: Consensus for Rubyists

Stop Working from a Prison Cell

Sharpening the Axe: The Primacy of Toolmaking

The Brand Is Dead. Long Live the Brand.

WebSockets: Embracing the real-time Web

ReactJS: Keep Simple. Everything can be a component!

Dealing with People You Can't Stand - Big Design 2015

For a Future-Friendly Web

GraphQLとの向き合い方2022年版

Producing Creativity

Fight the Zombie Pattern Library - RWD Summit 2016

Transcript

Trusted System Boundaries
Learn On the Go 11/2/2022

View Slide
View Slide
What Do We Test for Input?
Responses:
• Is the item in the catalog
• JS injection / other malicious eg sql injection
• Cookies and token—auth
• Boundary failures
• Authenticity—is correct input in correct field? (cross-wire fields)
• Correct character set (Latin-1, e.g.)
• Rejecting binary input in text
• Max/min length (also a boundary)
• Blanks or zero (no input given)

View Slide
What’s involved in building safe code and
testing it?
Responses:
• Build protection into code
• Cross-browser support
• Design impact (both UI and system)
• Complexity, effort
• Toolsets, frameworks, and libraries

View Slide
System Diagram in Miro

View Slide
View Slide
API Application
Endpoints
/ Services
Data
Access
Layer
(DAL)
Business
Logic

View Slide
API Application
Endpoints / Services Data Access Layer (DAL)
Business Logic
Controller
Routing
Model

View Slide
What do we need to work with these
boundaries?
Responses:
• Do we know the critical flows? What APIs are called for what reasons?
• Clarity of each APIs params, etc.
• What each field means
• Each field’s limits/boundaries and data types
• Auth

View Slide