Skip to main content

Posts

Showing posts from 2018

Designing for Security

Ideally, thinking of security at the start of a project will mean more hard decisions and discussions and work up front, but a better implementation and product in the end. Like so much of software engineering, it's a team sport and an infrequently included group in security discussions are the designers, like the folks doing Human Centered Design (HCD or UCD), User Experience (UX) or whomever in your world takes care of designing the parts of the system the users touch. They can help a lot with designing security into a product and setting a cyber security mindset. The article on linked in ( https://www.linkedin.com/pulse/designing-security-lindsay-morsillo/ ) looks at this in more detail (7-10 minutes to read).

Unit Testing - What to Test

This I wrote to answer a question that came up when we were discussing our software process and I was training developers on how to unit test. It seems a simple enough question, but I kept pondering it and delving deeper until I realized I needed to write this monograph. What unit tests should we write? How do we know what to test? Ideally, unit tests should cover every path through the code. It should be your chance to see every path through your code works as expected and as needed. If you are practicing Test Driven Development then it's implied everything gets a test. In the real world, you might not be allowed to test everything - for instance, if the testing suite ends up taking a week to run, then the world will have changed by the time it finishes and the test results will be obsolete. Unit testing at it's basic is testing an object, a method - the smallest unit of your code that it can test independently. It should test the inputs "goes into" an...

Encryption - practicum

Encryption Primer When we specify that things need to be encrypted, it usually means we need to keep those things secret. Encryption in this sense encompasses all the ways to protect information, including public key encryption, cryptographic hashing, digital signatures as well as all the things that support it such as security certificates and key management. Working in a React Native, NodeJS/NPM, JS/ES6 environment, there are many more things to think about than simply calling the OS encryption library and feeling pretty good that's handled. This page is meant to list the available options, applicability to various tasks and the supporting infrastructure required when you need to encrypt meaningful data. An important criteria in evaluating a crypto library is any validation or approval from a standards body. Anybody can implement and publish a npm crypto library, implementing standard cryptographic algorithms - but there is no guarantee with most that they a...