From the course: CSSLP Cert Prep: 5 Secure Software Testing
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Identifying undocumented functionality
From the course: CSSLP Cert Prep: 5 Secure Software Testing
Identifying undocumented functionality
- Apps may pass their verification and validation test, but that doesn't mean you've tested everything. One of the trickier things you'll want to do is attempt to identify undocumented functionality in those apps. One of the oldest jokes in the developer community is it's not a bug, it's a feature. This is the sometimes funny, sometimes scary response that you'll get when you make the app do something it wasn't supposed to do. Application development is tricky. And a lot of apps grow to the point that this unintended or undocumented functionality can slip in. Sometimes it's easier for a developer to joke that I meant to do that than it is to face the mountain of debugging and retesting necessary to find the root cause of the app's newly discovered behavior. Often times this undocumented functionality ends up in the app accidentally. This can happen when developers add a snippet of code to help them troubleshoot a…