[OWASP_PHPSEC] Framework testing

Abbas Naderi abiusx at owasp.org
Mon Sep 16 02:15:54 UTC 2013


I think you got us wrong Rahul,
The MVC code you are adding for login, is part of what the developer should do. We're just doing it as a demonstration, cuz most probably most developers will need something like this. Even if they don't, they can reroute it somewhere else. You just add tests for the parts you're doing (which is actually application code, and not framework code), and they will do their parts.
-A
______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

On Sep 15, 2013, at 5:15 PM, Sven Rautenberg <sven at rtbg.de> wrote:

> You can't test code that does not exist.
> 
> Regards,
> Sven
> 
> Am 15.09.2013 23:11, schrieb rahul chaudhary:
>> But adding business logic in model is what developers will do...it depends
>> on what application they are making...how can we test that ?
>> 
>> 
>> On Sun, Sep 15, 2013 at 5:09 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>> 
>>> Controllers CAN be tested, though they require some emulation via some
>>> library or tool. We will add that.
>>> 
>>> But the base idea is, every business logic that NEEDS testing should not
>>> be in contrllers or views, but in models. Those can be easily tested.
>>> -A
>>> ______________________________________________________________
>>> *Notice:** *This message is *digitally signed*, its *source* and *
>>> integrity* are verifiable.
>>> If you mail client does not support S/MIME verification, it will display a
>>> file (smime.p7s), which includes the X.509 certificate and the signature
>>> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
>>> AbiusX.com
>>> 
>>> On Sep 15, 2013, at 5:07 PM, rahul chaudhary <
>>> rahul300chaudhary400 at gmail.com> wrote:
>>> 
>>> To test framework we need to test if autoloader is working, if front
>>> controller is working...if requests are handler by proper controllers and
>>> if the controllers properly process the request and calls correct
>>> view...all these must be done manually ....right ??
>>> 
>>> 
>>> On Sun, Sep 15, 2013 at 5:06 PM, Sven Rautenberg <sven at rtbg.de> wrote:
>>> 
>>>> Am 15.09.2013 23:04, schrieb rahul chaudhary:
>>>>> Hello All,
>>>>> 
>>>>> Can someone give me some ideas on how to test the framework because we
>>>>> cannot do it with PHP as the controllers such as login, logout etc wont
>>>>> work in there as they use POST, GET COOKIE etc things....
>>>>> 
>>>>> 
>>>> 
>>>> You can still use PHP. The question is: What do you need tested?
>>>> 
>>>> _______________________________________________
>>>> OWASP_PHP_Security_Project mailing list
>>>> OWASP_PHP_Security_Project at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>>> 
>>> 
>>> 
>>> 
>>> --
>>> Regards,
>>> Rahul Chaudhary
>>> Ph - 412-519-9634
>>> _______________________________________________
>>> OWASP_PHP_Security_Project mailing list
>>> OWASP_PHP_Security_Project at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>> 
>>> 
>>> 
>> 
>> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130915/ea66f15a/attachment-0001.html>


More information about the OWASP_PHP_Security_Project mailing list