Presentation notes
Randy Gingeleski edited this page Apr 17, 2018 · 1 revision
Work in progress
- Before you can do, you have to believe
  - The security and development teams need to buy into the practices and benefits of this methodology
- Then the doing gets supported by tools that facilitate BDD adoption
  - Tools propose a structure for writing specifications that bring needed clarity into requirements
- BDD expects desired behavior to be written in a Given, When, Then format
  - Given the pre-requisites to the expectation
  - When the actions happen that we have expectations about
  - Then we make assertions about what we expected

  ```gherkin
  Given my application is up in an integration environment
  When a "GET" request is made to endpoint "/helloworld"
  Then the response status code is 200
  And the response body is "Hello World"
  ```

  - BDD testing tools help automate and execute scenarios like this
  - These specs then serve as living documentation
  - If a requirement changes here, the execution of the test changes with it
  - Cucumber is one such tool
- TODO
- TODO
- TODO
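
How a BDD tool turns the Given/When/Then scenario in these notes into an executable test, shown as an added example that is not code from this wiki, Cucumber or cukelib-jvm: each step line is matched against a pattern and dispatched to a step function. The `App` server, the `STEPS` table and the `run` function are constructed for illustration.

```python
import http.client, re, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SCENARIO = """\
Given my application is up in an integration environment
When a "GET" request is made to endpoint "/helloworld"
Then the response status code is 200
And the response body is "Hello World"
"""  # the scenario from the notes

class App(BaseHTTPRequestHandler):  # constructed stand-in for the app under test
    def do_GET(self):
        ok = self.path == "/helloworld"
        self.send_response(200 if ok else 404)
        self.end_headers()
        self.wfile.write(b"Hello World" if ok else b"Not Found")
    log_message = lambda self, *args: None  # silence per-request logging

def app_is_up(ctx):
    ctx["server"] = HTTPServer(("127.0.0.1", 0), App)  # port 0 = any free port
    threading.Thread(target=ctx["server"].serve_forever, daemon=True).start()

def make_request(ctx, method, path):
    conn = http.client.HTTPConnection("127.0.0.1", ctx["server"].server_port, timeout=5)
    conn.request(method, path)
    resp = conn.getresponse()
    ctx["status code"], ctx["body"] = str(resp.status), resp.read().decode()

def check(ctx, what, expected):  # the Then steps: assert on the stored response
    assert ctx[what] == expected, f"{what} was {ctx[what]!r}"

STEPS = [  # step definitions: step-text pattern -> function that executes it
    (r"my application is up in an integration environment", app_is_up),
    (r'a "(\w+)" request is made to endpoint "([^"]+)"', make_request),
    (r'the response (status code|body) is "?([^"]*)"?', check),
]

def run(scenario):
    ctx, results = {}, []  # ctx carries state from one step to the next
    for line in filter(None, map(str.strip, scenario.splitlines())):
        text = line.split(" ", 1)[1]  # drop the Given/When/Then/And keyword
        m, fn = next(((hit, f) for p, f in STEPS if (hit := re.fullmatch(p, text))), (None, None))
        try:
            results.append((line, (fn(ctx, *m.groups()) if fn else "undefined") or "passed"))
        except AssertionError as err:
            results.append((line, f"failed: {err}"))
    if "server" in ctx:
        ctx["server"].shutdown()
    return results
```

Editing only the scenario text, for example the expected body, makes `run` report the last step as failed without any change to the step functions.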
cukelib-jvm
- Contains the common step definitions
cucumber-web-security-tests
- Sample project against a full web application
- Leverages the cukelib-jvm library
cucumber-api-security-tests
- Sample project against a REST API
- Leverages the cukelib-jvm library