Last updated: 2 days ago
From a certain point on, every app project suffers from complexity. Even apps that started as lean, well defined projects somewhere back in time, somewhen hit customer’s expectations and get more features implemented than initially planned. Or, e.g., the main cloud service provider gets replaced by a different service due to economic reasons. Existing code then needs to be refactored or replaced, increasing the complexity even more. Examples are abundant and they are likely to increase.
To mitigate side effects of complexity, test driven development is considered to be best practice - at least in theory. Still, many myths entwine around test driven development; on the developer’s hand as well as on the product owner’s hand. Too often it’s not possible for a developer to point out the benefits of test driven development, especially on long term projects. Not using test driven development is a key danger to app projects, as the software renders unmaintainable while aging und getting bigger. Then again, seasoned developers tend to not knowing what and how to cover with tests.
Apart from functional bugs creating a bad user experience, there are security issues, endangering the user’s data or, even more worse, the app operator’s whole infrastructure. Since the General Data Protection Regulation (GDPR), security breaches may lead to existential final penalties. To prevent security issues, identifying risks using threat modeling has become best practice.
Functional bugs and security bugs are just two characteristics of software errors and should be prevented using the same means. But still, there’s no test driven development for security, and there’s no methodology like threat modeling for test driven development. Wouldn’t it be great to combine the best of both worlds to get methodology for test driven development, enabling developers to precisely test for specific error domains of their very app and enabling developers as well to implement security testing in their unit tests?
This talk elucidates the benefits and drawbacks of test driven development and threat modeling and then shows how to combine both to get a comprehensive test suite, covering unit testing and security testing. Using a combined threat modeling methodology, unit testing becomes utmost focused and efficent, even covering security issues, creating a roundup suite, that leverages software quality to a new level.