Trusted System Boundaries

November 02, 2022

Trusted System Boundaries

From a short lunch-and-learn session at ConstructConnect: A discussion on why it's important for testers to understand trust boundaries in the systems we work with.

Input processing is complex and expensive. We can't (and shouldn't) do that in every single part of a system, so it's critical to work with developers/architects to create and understand system boundaries. This makes our testing much more effective as we know where to concentrate our efforts.

This L&L session was interactive, so I posed a bunch of questions to get responses, then guided some discussion around what trust boundaries might look like.

Jim Holmes

November 02, 2022

More Decks by Jim Holmes

See All by Jim Holmes

Adapting to Change in Software Delivery

jimholmes

Public_Speaking.pdf

jimholmes

What's Worse? Zombies or Brittle UI Tests?

jimholmes

Odd Parallels Between Weightlifting and Software Delivery

jimholmes

Is Quality The Bottleneck?

jimholmes

Don't Fear Leadership

jimholmes

Intro To TDD

jimholmes

Honor Flight #20 (Bay Area) Recap

jimholmes

Coding for Non-Coders workshop

jimholmes

Other Decks in Programming

See All in Programming

Outline View in SwiftUI

1024jp

340

AWS Lambdaから始まった Serverlessの「熱」とキャリアパス / It started with AWS Lambda Serverless “fever” and career path

seike460

PRO

260

Functional Event Sourcing using Sekiban

tomohisa

100

What’s New in Compose Multiplatform - A Live Tour (droidcon London 2024)

zsmb

480

3rd party scriptでもReactを使いたい！ Preact + Reactのハイブリッド開発

righttouch

PRO

610

Jakarta EE meets AI

ivargrimstad

640

Arm移行タイムアタック

qnighy

340

카카오페이는 어떻게 수천만 결제를 처리할까? 우아한 결제 분산락 노하우

kakao

PRO

110

シェーダーで魅せるMapLibreの動的ラスタータイル

satoshi7190

480

ピラミッド、アイスクリームコーン、SMURF: 自動テストの最適バランスを求めて / Pyramid Ice-Cream-Cone and SMURF

twada

PRO

1.3k

型付き API リクエストを実現するいくつかの手法とその選択 / Typed API Request

euxn23

2.3k

どうして僕の作ったクラスが手続き型と言われなきゃいけないんですか

akikogoto

120

Featured

See All Featured

Save Time (by Creating Custom Rails Generators)

garrettdimon

PRO

840

KATA

mclloyd

14k

Intergalactic Javascript Robots from Outer Space

tanoku

269

27k

Agile that works and the tools we love

rasmusluckow

327

21k

How STYLIGHT went responsive

nonsquared

5.2k

BBQ

matthewcrist

9.3k

Making Projects Easy

brettharned

115

5.9k

Optimizing for Happiness

mojombo

376

70k

Embracing the Ebb and Flow

colly

4.5k

Testing 201, or: Great Expectations

jmmastey

7.1k

Documentation Writing (for coders)

carmenintech

4.4k

Adopting Sorbet at Scale

ufuk

9.1k

Transcript

Trusted System Boundaries Learn On the Go 11/2/2022
None
What Do We Test for Input? Responses: • Is the
item in the catalog • JS injection / other malicious eg sql injection • Cookies and token—auth • Boundary failures • Authenticity—is correct input in correct field? (cross-wire fields) • Correct character set (Latin-1, e.g.) • Rejecting binary input in text • Max/min length (also a boundary) • Blanks or zero (no input given)
What’s involved in building safe code and testing it? Responses:
• Build protection into code • Cross-browser support • Design impact (both UI and system) • Complexity, effort • Toolsets, frameworks, and libraries
System Diagram in Miro
None
API Application Endpoints / Services Data Access Layer (DAL) Business
Logic
API Application Endpoints / Services Data Access Layer (DAL) Business
Logic Controller Routing Model
What do we need to work with these boundaries? Responses:
• Do we know the critical flows? What APIs are called for what reasons? • Clarity of each APIs params, etc. • What each field means • Each field’s limits/boundaries and data types • Auth