To follow up on my last blog post about a DoS vulnerability in Silverstripe, I thought I might talk about the importance of testing and show you a few handy tools that make it easy to test your applications.
So why is testing important? Testing ensures that your application or code is running as you expect. An application or code base that is regularly tested gives your users or customers some confidence that if something does show up, you will know about it and fix it. That being said, you can't test for every use case, and this is where unit tests come in.
Unit tests check the application/code in small parts, breaking testing down by functionality. For example, you could have a test that checks whether you can create, delete, edit, publish and un-publish a page. That would be a group of tests: one each for create, edit, delete, publish and un-publish. You can also set up the tests to depend on each other, so if the create test fails the whole page test will fail. Having this single point of failure in tests can be handy.
Security testing is a whole different thing in itself. You can check for things like SQL injection and basic privilege escalation, but you can't always find the less obvious security flaws. One solution, if you can afford it, is to hire an IT security company to pentest your application/code, but this can be expensive. You could also ask some friends to try to hack your application or just to have a look at the code; sometimes a second set of eyes is very helpful.
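The page test group from the unit-testing paragraph, together with one basic privilege check of the kind mentioned above, as an added example that is not from the original post. `PageStore` and its role strings are hypothetical stand-ins rather than Silverstripe's API, and the dependencies use PHPUnit's docblock `@depends` annotation (as in PHPUnit 9).

```php
<?php
// Added example: PageStore is a hypothetical stand-in, not a Silverstripe class.
// Save as PageLifecycleTest.php and run it with PHPUnit.
use PHPUnit\Framework\TestCase;

final class PageStore
{
    private array $published = [];   // page id => published flag

    public function create(): int
    {
        $this->published[] = false;
        return array_key_last($this->published);
    }
    public function setPublished(int $id, bool $state, string $role): void
    {
        if ($role !== 'editor') {    // only editors may change publish state
            throw new DomainException("$role may not publish");
        }
        $this->published[$id] = $state;
    }
    public function isPublished(int $id): bool { return $this->published[$id]; }
}

final class PageLifecycleTest extends TestCase
{
    public function testCreate(): array
    {
        $store = new PageStore();
        $id = $store->create();
        $this->assertFalse($store->isPublished($id));
        return [$store, $id];        // handed to the dependent tests
    }
    /** @depends testCreate */
    public function testPublishAndUnpublish(array $ctx): array
    {
        [$store, $id] = $ctx;
        $store->setPublished($id, true, 'editor');
        $this->assertTrue($store->isPublished($id));
        $store->setPublished($id, false, 'editor');
        $this->assertFalse($store->isPublished($id));
        return $ctx;
    }
    /** @depends testPublishAndUnpublish */
    public function testViewerCannotPublish(array $ctx): void
    {
        [$store, $id] = $ctx;
        $this->expectException(DomainException::class);
        $store->setPublished($id, true, 'viewer');   // must be refused
    }
}
```

If `testCreate` fails, PHPUnit does not run the tests that depend on it and reports them as skipped, so one root failure is not buried under follow-on errors.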
Here are a couple of cool free tools that can help you test your applications/code:
- Travis CI - Travis CI is a hosted Continuous Integration tool, which can be integrated with GitHub and will run tests when you push a new commit to GitHub.
- Jenkins CI - Jenkins is the Continuous Integration tool that is used by Travis CI to run the tests. Jenkins can be self-hosted, which is a good idea for big projects, especially if you are doing automated deployments when the tests pass.
Here are some links on Unit Testing:
If you're not testing your applications/code, maybe you should start now, as it will help you avoid problems in the future.