Vasantharaju M S, McAfee & Joshua Cajetan Rebelo, Siemens
With cyber-attacks on the rise and high-profile breaches becoming the new normal, being on top of the current trends in cyber threats is key to improving your cybersecurity posture. Organizations span the spectrum when it comes to the maturity around creating secure products.
Some organizations have a well-defined security SDL process, yet security is often overlooked when delivery optimization is discussed and implemented. Any change to the application or its environment changes the attack surface. Without a “secure by design” strategy at every stage, from product development to product deployment, addressing security can become intimidating and challenging. A security finding made late in the release cycle, or after release, can call for an architecture redesign, which is expensive.
Today, unit tests ensure that a unit is functional, but boundary conditions and the security aspects of the unit are rarely considered. Security is mostly addressed later in the SDL cycle, and the product team relies on the results of pentests and security test audits.
In this paper, we present a unit-level “secure by design” approach that helps find security defects early. The approach adds another layer to security testing by addressing security at the unit level. Pentesting and security testing often cannot penetrate deep into the product; unit-level tests reach the code those methods miss.
Unit testing platforms support mocking and access to private vectors, which can be leveraged to ensure security at different abstraction layers. As more organizations adopt TDD (Test Driven Development), unit-level security testing will enforce security by design and address security early in the SDL cycle.
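The following is an added example, not code from the paper or its authors, of what a unit-level security test looks like in practice. A hypothetical unit, `save_upload()`, joins a user-supplied file name onto an upload directory and hands the result to a storage backend (the names `save_upload`, `safe_join`, `StorageBackend` and the limit `MAX_NAME_LEN` are all assumptions made for the example). Alongside the usual functional check, the tests probe the boundary and hostile inputs a pentest would try from the outside (traversal, absolute paths, NUL bytes, over-long names), and they mock the storage backend so the test can prove a rejected input never reaches it:

```python
"""Security-focused unit tests for a path-handling unit (added example).

The unit under test and its collaborators are hypothetical; the point is
the shape of the tests: boundary inputs plus a mocked downstream dependency
whose calls are asserted on, so validation failures are shown to stop
before any side effect happens.
"""
import io
import posixpath
import unittest
from unittest import mock

MAX_NAME_LEN = 255  # assumed limit for this example


class StorageBackend:
    """Stand-in for a real storage layer; replaced by a mock in the tests."""

    def write(self, path: str, data: bytes) -> int:
        raise NotImplementedError


def safe_join(base_dir: str, user_name: str) -> str:
    """Return base_dir/user_name, rejecting anything that escapes base_dir."""
    if not user_name or "\x00" in user_name:
        raise ValueError("empty or NUL-containing name")
    if len(user_name) > MAX_NAME_LEN:
        raise ValueError("name too long")
    # Normalise before checking so that "a/../../etc" cannot survive as-is.
    candidate = posixpath.normpath(posixpath.join(base_dir, user_name))
    if not candidate.startswith(base_dir.rstrip("/") + "/"):
        raise ValueError("path escapes upload directory")
    return candidate


def save_upload(backend: StorageBackend, base_dir: str,
                user_name: str, data: bytes) -> int:
    """Validate the name, then write through the backend; returns bytes written."""
    target = safe_join(base_dir, user_name)
    return backend.write(target, data)


class SaveUploadSecurityTests(unittest.TestCase):
    BASE = "/srv/uploads"  # constructed upload directory for the tests

    def setUp(self):
        # Autospec keeps the mock's signature honest; the real backend is never touched.
        self.backend = mock.create_autospec(StorageBackend, instance=True)
        self.backend.write.return_value = 4

    def test_benign_name_reaches_backend(self):
        written = save_upload(self.backend, self.BASE, "report.pdf", b"data")
        self.assertEqual(written, 4)
        self.backend.write.assert_called_once_with("/srv/uploads/report.pdf", b"data")

    def test_hostile_names_never_reach_backend(self):
        hostile = [
            "../../etc/passwd",          # relative traversal
            "/etc/passwd",               # absolute path replaces the base
            "sub/../../../etc/shadow",   # traversal hidden behind a subdirectory
            "a\x00.txt",                 # NUL byte truncation
            "",                          # empty name
            "x" * (MAX_NAME_LEN + 1),    # one past the length limit
        ]
        for name in hostile:
            with self.subTest(name=name):
                with self.assertRaises(ValueError):
                    save_upload(self.backend, self.BASE, name, b"data")
        # The security property: no rejected input produced a side effect.
        self.backend.write.assert_not_called()

    def test_length_boundary(self):
        safe_join(self.BASE, "x" * MAX_NAME_LEN)  # exactly at the limit is allowed
        with self.assertRaises(ValueError):
            safe_join(self.BASE, "x" * (MAX_NAME_LEN + 1))


def run_security_tests() -> unittest.TestResult:
    """Run the suite quietly and return the result object for inspection."""
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(SaveUploadSecurityTests)
    return unittest.TextTestRunner(stream=io.StringIO(), verbosity=0).run(suite)


if __name__ == "__main__":
    result = run_security_tests()
    print("security unit tests passed" if result.wasSuccessful() else "FAILED")
```

The mock is what makes this a unit-level rather than an integration-level check: the assertion `write.assert_not_called()` demonstrates that validation sits in front of the side effect, something a black-box pentest can only infer. In a TDD flow the hostile-input list is written first and the unit is implemented until it passes.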
The paper covers tools, processes and best practices for running security-related test cases in unit testing.