[Owasp-testing] about testing

Richard van Bemmelen zappfinger at gmail.com
Mon Feb 4 14:16:06 UTC 2019

Thanks for this great initiative. I do have a comment reading your guide in
the section 'Develop the right mindset'. You write:

*Normal use cases will test the normal behavior of the application when a
user is using it in the manner that is expected. Good security testing
requires going beyond what is expected and thinking like an attacker who is
trying to break the application.*
*Creative thinking can help to determine what unexpected data may
cause an application to fail in an insecure manner*

Use cases have nothing to do with test cases. What you describe after that
is true for any good test case, not just security-related. Normal test
cases only cover 20 % of the cases, the normal behaviour or the 'happy
flow'. The other 80 % of the test cases should be written to cover the
unexpected, but also for long-term tests to detect memory or resource leaks.
