Week 5

One of the more important aspects of software development is security testing, and specifically security regression testing. The first round of security testing is designed to run your program through a list of known vulnerabilities and other security assessments to determine if it is ready for prime-time use. If any bugs or, more concerningly, vulnerabilities are found in the code, it is your responsibility to patch it.


However, even after patching out the found vulnerabilities, these patches can sometimes introduce other vulnerabilities themselves. This is the importance of security regression testing, to ensure code you have has not ‘regressed’ to a point less secure than before you started.

I have taken a few coding classes when I first started college and I thought I was going for a Computer Science degree, and if there was one common theme I noticed, it was fixing a bug often made others appear.

This I guess is an almost universal experience when coding, and there have been countless memes created to commemorate it. One of my favorites is the “bugs in the code” song sung to the tune of the “99 bottles of beer” song. The basic gist of it is you have 5 more bugs in the code, sit down patch it out now you only have 17 more bugs in the code.

Comments

Post a Comment

Popular posts from this blog

Week 8

This week we learned about automation concepts and technologies. One particular section I found interest in was the part on the REST API which is an API that can be built into a website that, like APIs in general, allow other websites or apps to integrate with it. The reading then goes on to talk about how the response codes that web browsers send are structured and that’s something I’ve never through about before. Codes starting with 1xx suggest its an informational message, 2xx mean success, 3xx mean a client redirection, 4xx means a client error, and 5xx means a server error. I’ve been using the internet for pretty much as long as I can remember, and have been met with more 404 and 503 errors than I can count, but am just now learning that they indicate client and server errors. One thing I don’t quite understand is how a 404 error can be considered a client error if the resource was not found on the server side. Perhaps the client is asking for a resource that doesn’t exist? ...
Read more

Week 3

Internet of Thing devices have become almost ubiquitous in the last few years since they began taking off. Things like smart speakers with microphones built in that can listen for vocal commands to update you on the weather, set timers and alarms, or even integrate with other smart home IoT devices to perform actions like turning lights on and off, closing window blinds and even controlling HVAC systems. These devices function to make life easier for the occupants of homes with them installed, but one of the seldom discussed challenges that come along with these devices are the vulnerabilities they introduce. Of course, one of the higher vulnerabilities we talked about in the class comes from these devices not implementing security patches for known/discovered vulnerabilities, but one additional security concern they introduce is being constantly connected to the internet, rather than just a LAN. Since many of these devices advertise being able to control them from anywhere u...
Read more