Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management

Based on the security architecture and design, we have to implement the designed security elements as components and integrate them into the Web portal application. Because the scope of this chapter is limited to delivering end-to-end security architecture, we do not delve into the implementation details of the case study.

Unit and Integration Testing

One of the most important aspects of any development process is unit testing. Countless bugs, security holes, and system failures could have been prevented with a minimum amount of unit and integration testing. Like security, it is always paid lip service but seldom receives the time and resources necessary. When developers are behind schedule, the first shortcut they take is to skip writing the unit test. This often leads to bugs that the unit and integration testing would have readily revealed, and these bugs are what malicious hackers exploit.

In our scenario, we were careful to allot the proper amount of time to develop and execute unit tests throughout the code and then run integration tests on executable subsystems. The unit tests themselves are an artifact of the construction phase, and code is not considered complete until the unit test is delivered and executed successfully. As a best practice, we recommend incorporating the unit tests into the build cycle. When weekly or nightly integration builds are performed, execution of the unit and integration tests should be part of the process, with the developers and development managers receiving reports of the results. This allows the development team to quickly identify when a change, either internal or external to a subsystem, causes an unintended failure elsewhere.

There are several unit and integration testing tools available in the industry and from open-source initiatives. One of the most popular is JUnit (http://junit.sourceforge.net/). JUnit is an open-source test framework that allows developers to easily write and execute unit tests. It is now integrated with many popular integrated development environments (IDEs) and provides a nice HTML reporting capability.
