Writing Security Tests


Why

This Working Session will look at Security Tests. These are a special type of test that confirm, via passing tests, that security issues either exist or have been fixed.

What

  • When to write security tests
  • Common techniques
  • Transforming integration and e2e tests into security tests
  • Running tests against production
  • Instrumenting code to inject payloads
  • Running tests in parallel with builds or in-line
  • Inserting error handling into tests so that tests differentiate between an internal error and test failure

Outcomes

This Working Session will produce guidelines for writing security tests.

Who

The target audience for this Working Session is:

  • Security professionals
  • Developers

References


Working materials

  • Draft guidelines for writing security tests

Related Working Session(s)


