[OWASP_PHPSEC] Framework testing

Abbas Naderi abiusx at owasp.org
Mon Sep 16 11:16:17 UTC 2013


Nop!
It is not just demonstration. It is also best practices, and showing how the can PROPERLY use the libraries. 
A framework is only good if it already has all the repetetive code for an application, including user management, right?
-Abbas
______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

On Sep 15, 2013, at 10:34 PM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:

> wait wait Abbas..now I am all confused....:( 
> 
> so you are saying that I do not have to touch framework because that's where the developers will add code...whatever you & me have added is just for demonstration...
> 
> so I should just focus on 100% test cases for our libraries and forger framework for now... ???
> 
> 
> On Sun, Sep 15, 2013 at 10:15 PM, Abbas Naderi <abiusx at owasp.org> wrote:
> I think you got us wrong Rahul,
> The MVC code you are adding for login, is part of what the developer should do. We're just doing it as a demonstration, cuz most probably most developers will need something like this. Even if they don't, they can reroute it somewhere else. You just add tests for the parts you're doing (which is actually application code, and not framework code), and they will do their parts.
> -A
> ______________________________________________________________
> Notice: This message is digitally signed, its source and integrity are verifiable.
> If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com
> 
> On Sep 15, 2013, at 5:15 PM, Sven Rautenberg <sven at rtbg.de> wrote:
> 
>> You can't test code that does not exist.
>> 
>> Regards,
>> Sven
>> 
>> Am 15.09.2013 23:11, schrieb rahul chaudhary:
>>> But adding business logic in model is what developers will do...it depends
>>> on what application they are making...how can we test that ?
>>> 
>>> 
>>> On Sun, Sep 15, 2013 at 5:09 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>>> 
>>>> Controllers CAN be tested, though they require some emulation via some
>>>> library or tool. We will add that.
>>>> 
>>>> But the base idea is, every business logic that NEEDS testing should not
>>>> be in contrllers or views, but in models. Those can be easily tested.
>>>> -A
>>>> ______________________________________________________________
>>>> *Notice:** *This message is *digitally signed*, its *source* and *
>>>> integrity* are verifiable.
>>>> If you mail client does not support S/MIME verification, it will display a
>>>> file (smime.p7s), which includes the X.509 certificate and the signature
>>>> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
>>>> AbiusX.com
>>>> 
>>>> On Sep 15, 2013, at 5:07 PM, rahul chaudhary <
>>>> rahul300chaudhary400 at gmail.com> wrote:
>>>> 
>>>> To test framework we need to test if autoloader is working, if front
>>>> controller is working...if requests are handler by proper controllers and
>>>> if the controllers properly process the request and calls correct
>>>> view...all these must be done manually ....right ??
>>>> 
>>>> 
>>>> On Sun, Sep 15, 2013 at 5:06 PM, Sven Rautenberg <sven at rtbg.de> wrote:
>>>> 
>>>>> Am 15.09.2013 23:04, schrieb rahul chaudhary:
>>>>>> Hello All,
>>>>>> 
>>>>>> Can someone give me some ideas on how to test the framework because we
>>>>>> cannot do it with PHP as the controllers such as login, logout etc wont
>>>>>> work in there as they use POST, GET COOKIE etc things....
>>>>>> 
>>>>>> 
>>>>> 
>>>>> You can still use PHP. The question is: What do you need tested?
>>>>> 
>>>>> _______________________________________________
>>>>> OWASP_PHP_Security_Project mailing list
>>>>> OWASP_PHP_Security_Project at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>>>> 
>>>> 
>>>> 
>>>> 
>>>> --
>>>> Regards,
>>>> Rahul Chaudhary
>>>> Ph - 412-519-9634
>>>> _______________________________________________
>>>> OWASP_PHP_Security_Project mailing list
>>>> OWASP_PHP_Security_Project at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>>> 
>>>> 
>>>> 
>>> 
>>> 
>> 
> 
> 
> 
> 
> -- 
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130916/8e434987/attachment-0001.html>


More information about the OWASP_PHP_Security_Project mailing list