Trusted System Boundaries

November 02, 2022

Trusted System Boundaries

From a short lunch-and-learn session at ConstructConnect: A discussion on why it's important for testers to understand trust boundaries in the systems we work with.

Input processing is complex and expensive. We can't (and shouldn't) do that in every single part of a system, so it's critical to work with developers/architects to create and understand system boundaries. This makes our testing much more effective as we know where to concentrate our efforts.

This L&L session was interactive, so I posed a bunch of questions to get responses, then guided some discussion around what trust boundaries might look like.

Jim Holmes

November 02, 2022

More Decks by Jim Holmes

See All by Jim Holmes

Adapting to Change in Software Delivery

jimholmes

Public_Speaking.pdf

jimholmes

What's Worse? Zombies or Brittle UI Tests?

jimholmes

Odd Parallels Between Weightlifting and Software Delivery

jimholmes

Is Quality The Bottleneck?

jimholmes

Don't Fear Leadership

jimholmes

Intro To TDD

jimholmes

Honor Flight #20 (Bay Area) Recap

jimholmes

Coding for Non-Coders workshop

jimholmes

Other Decks in Programming

See All in Programming

大規模Reactアプリのリアーキテクチャ~8万行のTanStack Query移行の軌跡~

kj455

960

educure_カリキュラム生操作マニュアル.pdf

linew_official

760

ADRを一年運用してみた/adr_after_a_year

hanhan1978

2.4k

Goのmultiple errorsについて (2024年4月版)

syumai

680

ONE WEDGE_company_guide

1wedge_one

470

二郎系ラーメンのコールで学ぶ AST 解析

memory1994

PRO

1.7k

MetricKitで予期せぬ終了を検知する話 / Detect unexpected termination with MetricKit

nekowen

180

Compose-View Interop in Practice (mDevCamp 2024)

stewemetal

130

try! Swift Tokyo 2024 参加報告 / try! Swift Tokyo 2024 Report

hironytic

200

Ruby Pattern Matching

bkuhlmann

930

Zero Waste, Radical Magic, and Italian Graft – Quarkus Efficiency Secrets

hollycummins

230

What We Can Learn From OSS

inouehi

420

Featured

See All Featured

XXLCSS - How to scale CSS and keep your sanity

sugarenia

241

1.2M

Being A Developer After 40

akosma

580k

Why You Should Never Use an ORM

jnunemaker

PRO

8.6k

KATA

mclloyd

12k

Rebuilding a faster, lazier Slack

samanthasiow

8.2k

Optimising Largest Contentful Paint

csswizardry

2.4k

Ruby is Unlike a Banana

tanoku

10k

JavaScript: Past, Present, and Future - NDC Porto 2020

reverentgeek

4.4k

Gamification - CAS2011

davidbonilla

4.6k

Agile that works and the tools we love

rasmusluckow

325

20k

Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything

marktimemedia

1.7k

The Psychology of Web Performance [Beyond Tellerrand 2023]

tammyeverts

1.5k

Transcript

Trusted System Boundaries Learn On the Go 11/2/2022
None
What Do We Test for Input? Responses: • Is the
item in the catalog • JS injection / other malicious eg sql injection • Cookies and token—auth • Boundary failures • Authenticity—is correct input in correct field? (cross-wire fields) • Correct character set (Latin-1, e.g.) • Rejecting binary input in text • Max/min length (also a boundary) • Blanks or zero (no input given)
What’s involved in building safe code and testing it? Responses:
• Build protection into code • Cross-browser support • Design impact (both UI and system) • Complexity, effort • Toolsets, frameworks, and libraries
System Diagram in Miro
None
API Application Endpoints / Services Data Access Layer (DAL) Business
Logic
API Application Endpoints / Services Data Access Layer (DAL) Business
Logic Controller Routing Model
What do we need to work with these boundaries? Responses:
• Do we know the critical flows? What APIs are called for what reasons? • Clarity of each APIs params, etc. • What each field means • Each field’s limits/boundaries and data types • Auth