[OWASP_PHPSEC] Framework testing

rahul chaudhary rahul300chaudhary400 at gmail.com
Mon Sep 16 02:34:09 UTC 2013


wait wait Abbas..now I am all confused....:(

so you are saying that I do not have to touch framework because that's
where the developers will add code...whatever you & me have added is just
for demonstration...

so I should just focus on 100% test cases for our libraries and forger
framework for now... ???


On Sun, Sep 15, 2013 at 10:15 PM, Abbas Naderi <abiusx at owasp.org> wrote:

> I think you got us wrong Rahul,
> The MVC code you are adding for login, is part of what the developer
> should do. We're just doing it as a demonstration, cuz most probably most
> developers will need something like this. Even if they don't, they can
> reroute it somewhere else. You just add tests for the parts you're doing
> (which is actually application code, and not framework code), and they will
> do their parts.
> -A
> ______________________________________________________________
> *Notice:** *This message is *digitally signed*, its *source* and *
> integrity* are verifiable.
> If you mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> AbiusX.com
>
> On Sep 15, 2013, at 5:15 PM, Sven Rautenberg <sven at rtbg.de> wrote:
>
> You can't test code that does not exist.
>
> Regards,
> Sven
>
> Am 15.09.2013 23:11, schrieb rahul chaudhary:
>
> But adding business logic in model is what developers will do...it depends
> on what application they are making...how can we test that ?
>
>
> On Sun, Sep 15, 2013 at 5:09 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>
> Controllers CAN be tested, though they require some emulation via some
> library or tool. We will add that.
>
> But the base idea is, every business logic that NEEDS testing should not
> be in contrllers or views, but in models. Those can be easily tested.
> -A
> ______________________________________________________________
> *Notice:** *This message is *digitally signed*, its *source* and *
> integrity* are verifiable.
> If you mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body.  Read more at Certified E-Mail with Comodo and Thunderbird<
> http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> AbiusX.com
>
> On Sep 15, 2013, at 5:07 PM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>
> To test framework we need to test if autoloader is working, if front
> controller is working...if requests are handler by proper controllers and
> if the controllers properly process the request and calls correct
> view...all these must be done manually ....right ??
>
>
> On Sun, Sep 15, 2013 at 5:06 PM, Sven Rautenberg <sven at rtbg.de> wrote:
>
> Am 15.09.2013 23:04, schrieb rahul chaudhary:
>
> Hello All,
>
> Can someone give me some ideas on how to test the framework because we
> cannot do it with PHP as the controllers such as login, logout etc wont
> work in there as they use POST, GET COOKIE etc things....
>
>
>
> You can still use PHP. The question is: What do you need tested?
>
> _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>
>
>
>
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
> _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>
>
>
>
>
>
>
>


-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130915/eb3f14c7/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list