Testing Plan
To ensure the quality of the system, we follow secure coding standards, introduce various quality gates, and use multiple testing tools and static analysis tools.
As security is of paramount importance in this project, we define the secure coding standards that the implementations should follow:
- Server side
  - SEI CERT Oracle Coding Standard for Java
- Native component
  - SEI CERT C Coding Standard
- Client side
  - Android Secure Coding Standard
Compliance is checked automatically by SonarCloud and the IDE used during development.
For details see: Security Coding Standards
As security is of utmost importance, we defined various quality gates for the implementation phase as well as the testing phase, which apply to all components of the system.
For details see: Quality Gates
To enforce code quality and security rules defined in Quality Gates, we plan to use the functionality provided by GitHub.
For details see: Enforcing Code Quality and Security
Apart from adhering to security guidelines and pre-defined processes, we also use several testing tools, such as:
- Server side
  - The functional and basic security tests should be developed as end-to-end tests
  - sqlmap
- Native component
  - Fuzzing: AFL
  - Valgrind
  - CPAChecker
- Client side
  - Drozer
For details see: Testing Tools
By using static analysis we plan to eliminate most of the vulnerabilities in our code as they arise. We plan to use tools that integrate with our development environment and support the technologies we use:
- SpotBugs
- SonarCloud
For details see: Static Analysis Tools
© Grotesque Gecko, 2020