Trusted System Boundaries
Learn On the Go 11/2/2022
Slide 2
Slide 2 text
No content
Slide 3
Slide 3 text
What Do We Test for Input?
Responses:
• Is the item in the catalog
• JS injection / other malicious eg sql injection
• Cookies and token—auth
• Boundary failures
• Authenticity—is correct input in correct field? (cross-wire fields)
• Correct character set (Latin-1, e.g.)
• Rejecting binary input in text
• Max/min length (also a boundary)
• Blanks or zero (no input given)
Slide 4
Slide 4 text
What’s involved in building safe code and
testing it?
Responses:
• Build protection into code
• Cross-browser support
• Design impact (both UI and system)
• Complexity, effort
• Toolsets, frameworks, and libraries
Slide 5
Slide 5 text
System Diagram in Miro
Slide 6
Slide 6 text
No content
Slide 7
Slide 7 text
API Application
Endpoints
/ Services
Data
Access
Layer
(DAL)
Business
Logic
Slide 8
Slide 8 text
API Application
Endpoints / Services Data Access Layer (DAL)
Business Logic
Controller
Routing
Model
Slide 9
Slide 9 text
What do we need to work with these
boundaries?
Responses:
• Do we know the critical flows? What APIs are called for what reasons?
• Clarity of each APIs params, etc.
• What each field means
• Each field’s limits/boundaries and data types
• Auth