Techniques for Writing Secure Code

Testing

• Test early, often

• Write a test suite to help automate testing (maybe even before you write the app!)

• Do as many things as possible to try and break the app during testing
  • Attempt to impersonate users or servers

  • Attempt to perform fraudulent transactions

  • Attempt to compromise data

  • Attempt to send junk data

  • Attempt to compromise server

  • Attempt a denial of service

  • Allow someone else who doesn't know much about the app to attempt to use it properly

  • Drop cat on keyboard, blow airhorn

  • Allow 3 year old to "play with the computer"