Trusted System Boundaries

November 02, 2022

Trusted System Boundaries

From a short lunch-and-learn session at ConstructConnect: A discussion on why it's important for testers to understand trust boundaries in the systems we work with.

Input processing is complex and expensive. We can't (and shouldn't) do that in every single part of a system, so it's critical to work with developers/architects to create and understand system boundaries. This makes our testing much more effective as we know where to concentrate our efforts.

This L&L session was interactive, so I posed a bunch of questions to get responses, then guided some discussion around what trust boundaries might look like.

Jim Holmes

November 02, 2022

More Decks by Jim Holmes

See All by Jim Holmes

Adapting to Change in Software Delivery

jimholmes

Public_Speaking.pdf

jimholmes

What's Worse? Zombies or Brittle UI Tests?

jimholmes

Odd Parallels Between Weightlifting and Software Delivery

jimholmes

Is Quality The Bottleneck?

jimholmes

Don't Fear Leadership

jimholmes

Intro To TDD

jimholmes

Honor Flight #20 (Bay Area) Recap

jimholmes

100

Coding for Non-Coders workshop

jimholmes

110

Other Decks in Programming

See All in Programming

リストビュー画面UX改善の振り返り

splcywolf

140

State of Namespace

tagomoris

1.4k

The Efficiency Paradox and How to Save Yourself and the World

hollycummins

110

RuboCop: Modularity and AST Insights

koic

430

Lambda(Python)のリファクタリングが好きなんです

komakichi

190

新しいPHP拡張モジュールインストール方法「PHP Installer for Extensions (PIE)」を使ってみよう！

cocoeyes02

380

[NG India] Event-Based State Management with NgRx SignalStore

markostanimirovic

150

PHPで書いたAPIをGoに書き換えてみた〜パフォーマンス改善の可能性を探る実験レポート〜

koguuum

150

Preact、HooksとSignalsの両立 / Preact: Harmonizing Hooks and Signals

ssssota

1.5k

Defying Front-End Inertia: Inertia.js on Rails

skryukov

480

KawaiiLT 登壇資料　キャリアとモチベーション

hiiragi

110

AI時代の開発者評価について

ayumuu

140

Featured

See All Featured

It's Worth the Effort

184

28k

Designing Experiences People Love

moore

141

24k

Typedesign – Prime Four

hannesfritz

2.6k

Visualization

eitanlees

146

16k

A better future with KSS

kneath

239

17k

The Success of Rails: Ensuring Growth for the Next 100 Years

eileencodes

7.2k

Performance Is Good for Brains [We Love Speed 2024]

tammyeverts

750

What's in a price? How to price your products and services

michaelherold

245

12k

Code Review Best Practice

trishagee

18k

Writing Fast Ruby

sferik

628

61k

VelocityConf: Rendering Performance Case Studies

addyosmani

328

24k

Build your cross-platform service in a week with App Engine

jlugia

229

18k

Transcript

Trusted System Boundaries Learn On the Go 11/2/2022
None
What Do We Test for Input? Responses: • Is the
item in the catalog • JS injection / other malicious eg sql injection • Cookies and token—auth • Boundary failures • Authenticity—is correct input in correct field? (cross-wire fields) • Correct character set (Latin-1, e.g.) • Rejecting binary input in text • Max/min length (also a boundary) • Blanks or zero (no input given)
What’s involved in building safe code and testing it? Responses:
• Build protection into code • Cross-browser support • Design impact (both UI and system) • Complexity, effort • Toolsets, frameworks, and libraries
System Diagram in Miro
None
API Application Endpoints / Services Data Access Layer (DAL) Business
Logic
API Application Endpoints / Services Data Access Layer (DAL) Business
Logic Controller Routing Model
What do we need to work with these boundaries? Responses:
• Do we know the critical flows? What APIs are called for what reasons? • Clarity of each APIs params, etc. • What each field means • Each field’s limits/boundaries and data types • Auth