M.19) Use automated (security) regression tests

Category: Development process

Responsible: Developers, PSR

Effort: Initial effort for writing tests, but saves much time once the software gets more complex or needs to be refactored.

Based on: BSI IT Grundschutz M 2.82 / M 2.83 / M 2.556 / M 2.568

Automated regression tests are very important to ensure the functionality of the software before delivery or deployment. With automated tests it is possible to refactor the code without fear of negatively affecting or breaking the software. This makes it possible to update old code and create a new architecture that makes the software more organized and understandable. Clean architecture and code improve the software quality and make it easier to implement and understand security mechanisms.

As already mentioned in M.10, automated regression tests should also be used to test information security aspects of the product, such as attempts to bypass authentication, to access unauthorized pages, and to perform attacks from the OWASP Top 10. The tests should be written by the testers or developers, and the PSR should support and review them. In this way, developers and testers become sensitized to security-related topics.
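As an added illustration (not part of this measure catalogue or any specific product), the following shows what such security regression tests look like for the two cases named above: a minimal in-process request handler with authentication and ownership checks, followed by tests that pin those checks so a later refactoring cannot silently remove them. The handler, the session table and the document table are constructed for this example.

```python
# Added example: a minimal request handler with auth checks plus the
# automated security regression tests M.19 asks for. All names and data
# (handle_request, SESSIONS, DOCUMENTS, tokens) are constructed here.
from dataclasses import dataclass

# Constructed sample data: session token -> user, document id -> (owner, body).
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
DOCUMENTS = {1: ("alice", "alice payslip"), 2: ("bob", "bob payslip")}


@dataclass
class Response:
    status: int
    body: str = ""


def handle_request(path: str, headers: dict) -> Response:
    """Serve /documents/<id>; requires a valid session and document ownership."""
    token = headers.get("Authorization", "").removeprefix("Bearer ").strip()
    user = SESSIONS.get(token)
    if user is None:
        return Response(401)  # not authenticated: no token or unknown token
    if not path.startswith("/documents/"):
        return Response(404)
    try:
        doc_id = int(path.rsplit("/", 1)[1])
    except ValueError:
        return Response(400)
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        return Response(404)
    owner, body = doc
    if owner != user:
        return Response(403)  # authenticated, but not authorized for this object
    return Response(200, body)


# Security regression tests: each pins one property a refactoring must keep.
def test_unauthenticated_request_is_rejected():
    assert handle_request("/documents/1", {}).status == 401


def test_unknown_token_is_rejected():
    assert handle_request("/documents/1", {"Authorization": "Bearer tok-x"}).status == 401


def test_user_cannot_read_other_users_document():
    # Requesting another user's object id must be denied and must not leak the body.
    r = handle_request("/documents/2", {"Authorization": "Bearer tok-alice"})
    assert r.status == 403 and r.body == ""


def test_owner_can_read_own_document():
    r = handle_request("/documents/1", {"Authorization": "Bearer tok-alice"})
    assert r.status == 200 and r.body == "alice payslip"
```

Run with `pytest` or call the test functions directly; the tests belong in the same pipeline as the functional regression tests so a failing authorization check blocks delivery like any other regression.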
