In order to (1) conclusively show existing security vulnerabilities (and the various ways they can be exploited) and (2) once the code has been modified to exclude them, prove that this has been done, how would you set up automated tests?
- What kinds of things would you include in your tests? How would you replicate the security issues?
- Would your tests pass or fail when the vulnerabilities exist? When they no longer exist?
- How would you ensure that the tests would catch new instances of similar vulnerabilities?
- Can you provide a diagram of your solution (optional)?
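One way to structure such a suite, shown here as an added illustration that is not part of this challenge page: Python with a constructed in-memory SQLite fixture and two hypothetical lookup functions (a concatenating "before" version and a parameterised "after" version). The test asserts the safe behaviour, so it fails while the flaw exists, passes once it is fixed, and applies to every lookup registered with `audit`, which is how new instances of the same bug get caught.

```python
import sqlite3

INJECTION_INPUTS = [  # constructed regression inputs; no real user has such a name
    "' OR '1'='1",
    "x' OR 1=1 --",
]

def make_db():
    """Constructed in-memory fixture so the test runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def find_user_vulnerable(conn, name):
    """Hypothetical 'before' code: user input concatenated into SQL."""
    return conn.execute(
        f"SELECT name FROM users WHERE name = '{name}'").fetchall()

def find_user_fixed(conn, name):
    """Hypothetical 'after' code: the same lookup with a bound parameter."""
    return conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def injection_resisted(lookup):
    """True if no regression input changes the query's meaning.

    Looking up a name nobody has must return no rows; any row means the
    input was interpreted as SQL. A query the database rejects (error)
    also counts as resisted, because nothing was returned."""
    for payload in INJECTION_INPUTS:
        try:
            rows = lookup(make_db(), payload)
        except sqlite3.Error:
            continue
        if rows:
            return False
    return True

def audit(lookups):
    """Run the check over every registered lookup; returns the names that fail.

    Registering each new data-access function in this dict is what makes
    the suite catch new instances of the same class of bug."""
    return [name for name, fn in lookups.items() if not injection_resisted(fn)]
```

In a pytest suite the single assertion `assert audit(REGISTRY) == []` encodes the pass/fail semantics: red while any registered lookup is exploitable, green once all are parameterised.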